SOC 2 is an auditing procedure developed by the American Institute of CPAs (AICPA) to ensure service providers are securely handling, managing, and storing data. Being SOC 2 compliant assures your customers that you have the infrastructure, tools, and processes to protect their information. SOC 2 defines criteria for safeguarding customer data based on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
The SOC 2 Compliance Application supports organizations seeking SOC 2 compliance, which is ultimately determined by a technical audit from an outside party. SOC 2 is not a prescriptive list of controls, tools, or processes; each company adopts the practices and processes relevant to its own objectives and operations using AICPA’s Trust Services Criteria.
This Application allows organizations to evaluate their internal controls, policies, and procedures against the criteria and helps them prepare for and achieve a SOC 2 attestation report. Once controls are identified, organizations can evaluate controls, document exceptions, assign requests, create corrective actions, and remediate weaknesses.