Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, and/or Privacy
Attestation services that result in a formal report on controls to be provided to your customers. SOC 2 reports are intended to be used by user organizations that need to obtain detailed information about the service organization’s system and independent assurance about the controls performed by the service organization related to security, availability, processing integrity, confidentiality and/or privacy. These reports can play an important role in oversight of the organization, vendor management programs, internal corporate governance and risk management processes, and regulatory oversight. The service organization may select to cover security, availability, processing integrity, confidentiality, and/or privacy based on the needs of its customers. The service organization must then describe the controls it has in place to satisfy the criteria specified for each chosen principal. Service organizations have the option to issue a Type 1 or Type 2 report.