AICPA SOC 2
AICPA SOC 2 (Service Organization Control 2, now expanded by the AICPA as System and Organization Controls) is an attestation framework developed by the American Institute of Certified Public Accountants (AICPA). It defines criteria for assessing the controls a service organisation uses to protect the security, availability, processing integrity, confidentiality, and privacy of the customer data it handles.
SOC 2 reports give customers and other stakeholders independent assurance that a service organisation has suitable controls in place to protect their data.
- Trust Services Criteria (TSC): The SOC 2 framework is based on five TSC categories: security, availability, processing integrity, confidentiality, and privacy. Security (the "common criteria") is in scope for every SOC 2 audit; the other four are included only if the service organisation chooses them, so the scope stated in the report matters as much as the report's existence.
- Description of System: The service organisation must provide a detailed description of its system, including the services provided, the supporting infrastructure and software, the people involved, and the policies and procedures that govern it.
- Management Assertion: The service organisation's management must provide a written assertion that the description of its system is accurate and that the controls are suitably designed (and, for a Type 2 report, operating effectively) to meet the applicable criteria.
- Auditor's Report: An independent auditor (a licensed CPA firm) evaluates the service organisation's controls and gives an opinion. A Type 1 report covers whether the controls are suitably designed as of a point in time; a Type 2 report also tests whether they operated effectively over a review period, typically six to twelve months, and lists any exceptions found.
- SOC 2 Reports: The SOC 2 report is the package of the system description, the management assertion, and the auditor's opinion, with the tested controls organised under the in-scope TSC categories. It is shared with customers and other stakeholders, usually under NDA, as evidence that the service organisation's controls have been independently examined.
Overall, AICPA SOC 2 is a widely used attestation standard (it is not a law or regulation) that lets service organisations demonstrate their commitment to protecting customer data and gives customers independent evidence of the controls in place. When reviewing a vendor's report, check the report type, the review period, the TSC categories in scope, and any exceptions noted by the auditor.
Gatekeeper has completed a SOC 2 Type 2 audit.