The number of organizations that manage customer data is increasing. This also increases the demand for SOC 2 reports that answer the question of whether information security is well organized at these organizations. IT companies today are expected to be SOC 2 compliant, especially when they store data in the cloud.
Systems and Controls – SOC reporting is all about controls. An ISAE 3402 | SOC 1 reporting for financial outsourcing, such as asset management, SaaS-providers (financial software), datacenters (storage of financial data). ISAE 3000 | SOC 2 reporting is focused at a broader IT scope, for user organizations with additional requirements on security, availability, processing integrity, confidentiality and privacy.