FAQ: What is a SOC 2?

FAQ: What is a SOC 2?

The Service and Organization Controls 2 Report, formally known as a Service Organization Controls Report as of the most recent update to the SSAE 18 audit standard. A SOC 2 report can cover the design (type 1 report) or operating effectiveness (type 2 report) of controls around a Company’s system over any number of categories, including, Security, Availability, Confidentiality, Processing Integrity, and/or Privacy.

See our more detailed SOC 2 Report page for more information.

Additional FAQs

How long does a SOC 1 take to complete?

This depends on how prepared and how many resources an Organization has to dedicate to the project. The first time through, usually a readiness assessment would be performed, and then

How does a company get SOC 2 certified?

SOC 2 is not a certification, it’s a third party attestation of the controls in place at your organization. Typically when a company is asking this question though the answer

What is SSAE 18 (formerly SSAE 16)?

The SSAE 18 audit standard is a framework for reporting on an examination of controls at a service organization relevant to user entities’ internal control over financial reporting.

SOC 1 Report – Who needs it?

Organizations that handle financial transactions, especially those impacting external financial statements, are good examples of those who need SOC1 audits.

What are the costs of SOC 2?

There are a lot of factors that go into responding to this question. There are audit, consulting, software, internal resources, and other factors to consider which can easily grow from

Get Our Emails

SOC Reporting Guide