Operationally Necessary Cookies
SOC 2 is a voluntary compliance standard for services organizations, which defines criteria for managing customer data. SOC 2 is the second of three types of reports under the System and Organization Controls (SOC) standards program managed by the American Institute of Certified Public Accountants (AICPA). SOC 2 is based on five core “trust service principles” – Security, Availability, Processing Integrity, Confidentiality, and Privacy.
The SOC 2 core “Trust Service Principles” focus on IT controls in the following areas:
SOC 2 reports provide internal and external stakeholders—regulators, customers, partners, vendors, etc.—with detailed information about the controls in place to manage and process their user data.
SOC 2 reports come in two types:
You can find more detailed information about SOC 2 at the AICPA.
Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.
Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.
Stay current with the latest security trends from Bugcrowd