What is SOC 2?
Service Organization Controls (SOC) 2 reports are intended to meet the needs of a broad range of users that need information and assurance about the controls at a service organization that affect the security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.
Examples of stakeholders who may need these reports are management or those charged with governance of the user entities and of the service organization, customers of the service organization, regulators, business partners, suppliers, and others who have an understanding of the service organization and its controls. Use of these reports generally is restricted to parties that have this understanding. The AICPA Guide: Reports on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (currently under development) provides guidance for performing these engagements.
These reports can play an important role in:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
Businesses rely on SSAE 16 and SOC 2 audits and reports to build trust and confidence in their service provider’s ability to design, operate and control environments on which their business depends. Additionally, SSAE 16 and SOC 2 audits may assist an entity in complying with the Sarbanes-Oxley Act or similar law or regulation.
What are SOC Reports?
Service Organization Controls (SOC) Reports are prepared by an auditor in accordance with AICPA standards and are specifically intended to evaluate a service organization’s controls. There are three SOC reports:
- SSAE 16 SOC 1: Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (commonly referred to as SSAE 16) and based on SSAE 16 standards.
  - Type 1: report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description throughout a specified period.
  - Type 2: report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
- SOC 2: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy based on AICPA SOC 2 standards.
- SOC 3: Trust Services Report for Service Organizations.
Use of these reports is typically restricted to the management of the service organization, user entities, and user auditors.
365 Data Center Certified & Compliant Data Centers
How Do SSAE 16 and SOC 2 Certifications Benefit Your Business?
Businesses that use service organizations that have been audited for SSAE 16 and SOC 2 compliance should have a higher level of trust and confidence in that organization’s controls and operational capabilities. Additionally, entities that are themselves being audited for SSAE 16, SOC 2, Sarbanes-Oxley compliance or similar law or regulation will find it easier to comply with requirements when using an SSAE 16 and SOC 2-audited service organization. This will speed compliance and reduce the cost of compliance.
Are 365 Data Centers’ SSAE 16 and SOC 2 Audit Reports Available to Review?
Yes, 365 Data Centers’ SSAE 16 and SOC 2 audit reports are available to customers and qualified prospective customers and partners upon request. Please contact us for more information or to request a copy of our audit reports.