Martin Hořický
SOC 2, formally known as Service Organization Control 2, reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy.
The standard governing these five areas was established under the AICPA Trust Services Principles and Criteria. SOC 2 is divided into Type 1 and Type 2.
Criteria
SOC 2 is based on the five criteria for trust services (Trust Services Principles) as defined by the American Institute of Certified Public Accountants (AICPA).
These trust services criteria are essential elements of cybersecurity. They include organizational controls, risk assessment, risk mitigation, risk management and change management.