What is SOC 2 Compliance?
SOC 2 Compliance Certification is an auditing process that demonstrates that your business manages customer data securely and in a comprehensive way that protects your customers’ privacy and the privacy of the business.
Developed by the American Institute of CPAs (AICPA), SOC 2 audits use five “trust service principles” to examine the way your business manages customer data:
- Processing integrity
The Compliance Certification audits are performed by a third-party auditor (a certified public accountant) who will then issue the compliant business one of two types of certification:
Type I Certification – Typically the first step organizations might take, Type I is an attestation of compliance with SOC 2 controls at a specific point in time. This demonstrates that an organization has established proper security and privacy hygiene.
Type II Certification – an attestation of compliance with SOC 2 controls over a period of time (at least 6 months). This demonstrates that not only has an organization established proper security and privacy hygiene, but it is also continuously maintaining it.