IOTW: Over 77,000 Uber employee details leaked in data breach
How carding can affect your business
Customer details compromised in LastPass data breaches
The most dangerous cyber security threats of 2023
How does CISO strategy prevent threats?
Investigation launched into Twitter after 400m user details posted on hacking fo…
IOTW: Almost 50,000 UK government workers vulnerable to cyber attacks
How to foster secure and efficient data practices
IOTW: LastPass facing class action lawsuit following data breach
Cyber attack against Royal Mail linked to Russian hackers


SOC 2 is one of three SOC groups of report SOC 1, SOC 2 and SOC 3. The SOC 1 report is prepared in accordance with Statements on Standards for Attestation Engagements (SSAE 16) for reporting on controls relevant to internal control over financial reporting (ICFR), an attestation engagement is commonly known as a Service Organization Controls 1 report. The SOC 2 and SOC 3 reports are prepared in accordance with SSAE’s AT Section 101 and used to report on controls relevant to security,
availability, processing integrity, confidentiality, or privacy.

The SAS 70 report was the one superseded by three Service Organizations Control (SOC) reports effective 15 June 2011.


• May be better suited for outsourced technology-focused services and assessment of overall technology controls.
• Independent examination of controls.
• Concept of Type 1 (design of controls only) and Type 2 (design and operating effectiveness of controls).
• Reporting on nonfinancial controls.
• Adherence to the defined principles and related criteria, making reports comparable from different service organizations; omissions stated in the auditor’s opinion.
• Used to emphasize system security, availability, processing integrity, confidentiality and privacy.
• Includes details of the processing and controls at a service organization, the tests performed by the service auditor, and the results of the tests.
• May address privacy and availability, generally excluded from a SOC 1 report (especially privacy).
• Distribution of report not as restricted as a SOC 1 report; includes individuals with the ability to
understand the content of the report.

Leave a Reply

Your email address will not be published. Required fields are marked *