How to get SOC 2 Compliance


What is SOC 2?

The requirements of System and Organization Control 2 are established by the American Institute of CPAs.  SOC 2 defines criteria for managing customer data based on the five “Trust Service Principles”—security, availability, processing integrity, confidentiality and privacy.


A SOC 2 is a System and Organization Control 2 report. A SOC 2 report illustrate that service organizations receive and share with stakeholders to demonstrate that general IT controls are in place to secure the service provided.

SOC 2 is NOT a Certification

A SOC 2 is NOT a Certification but an audit report compiled by the Certified Public Accountants  under the AICPA’s (American Institute of Certified Public Accountants). A CPA firm attests that controls are in place and either designed effectively.

SOC 2 Report Structure

  • Independent auditor report
  • Management’s Assertion
  • Description of the system
  • Auditor’s test of controls and result of tests

SOC 2 Audit Report

What is difference between SOC 2 Type1 Report and SOC 2 Type 2 Report?


A SOC 2 Type I report empahasize on the description of a service organization’s system, related control objectives, and the suitability of controls to achieve those objectives of a specific date and represents an auditor’s review and approval of your systems at that moment in time;


A SOC 2 Type II report shows not only that you understand the necessary security procedures with the addition of an assessment of the operating effectiveness of the controls to achieve the control objectives throughout a period of several months. 

Call SOC 2 Consultant


Schedule FREE 30 Mins Consultation Call
Gabriel Consultant in ISO Consulting
Service with 20 years of experience.
Find Us
© 2024 Gabriel Consultant. All rights reserved
Find Us
© 2024 Gabriel Consultant. All rights reserved

Office Hour: 9:00- 18:00

Tel : +852 23664622

Email :

Free 30 Min Consultation Call

Request an economy and speedy way to get an ISO Certification