System and Organization Control (SOC) reporting is a way for companies to provide independent validation of their internal controls for stakeholders, business partners, and compliance purposes. While there are multiple kinds of SOC reports, a SOC 2® examination utilizes a set of pre-defined criteria designed to provide an overview of controls relevant to security, availability, processing integrity, confidentiality, or privacy. The various SOC reports can be used for a variety of purposes, including third-party risk management, financial statement audits, cybersecurity, due diligence, or general compliance purposes.
During an interview with Trustero, Managing Director David Barton demystifies the different kinds of SOC reporting and how companies can identify which report they need
Have a Question?
Please complete this form to hear from David Barton