How to get SOC 2 Compliance

What is SOC 2?


The requirements of System and Organization Control 2 are established by the American Institute of CPAs.  SOC 2 defines criteria for managing customer data based on the five “Trust Service Principles”—security, availability, processing integrity, confidentiality and privacy.


A SOC 2 is a System and Organization Control 2 report. A SOC 2 report illustrate that service organizations receive and share with stakeholders to demonstrate that general IT controls are in place to secure the service provided.

SOC 2 is NOT a Certification

A SOC 2 is NOT a Certification but an audit report compiled by the Certified Public Accountants  under the AICPA’s (American Institute of Certified Public Accountants). A CPA firm attests that controls are in place and either designed effectively.

SOC 2 Report Structure

  • Independent auditor report
  • Management’s Assertion
  • Description of the system
  • Auditor’s test o controls and result of tests
SOC 2 Audit Report

What is difference between SOC 2 Type1 Report and SOC 2 Type 2 Report?


A SOC 2 Type I report empahasize on the description of a service organization’s system, related control objectives, and the suitability of controls to achieve those objectives of a specific date and represents an auditor’s review and approval of your systems at that moment in time;


A SOC 2 Type II report shows not only that you understand the necessary security procedures with the addition of an assessment of the operating effectiveness of the controls to achieve the control objectives throughout a period of several months. 

Call SOC 2 Consultant at +852 23664622

Leave a Replay

About Gabriel Consulatnt

Over 20 Years in ISO Certification Consulting industry. Many stories I heard from client, auditors and friends

Recent Posts

Follow Us

Get Quote Now

Office Hour: 9:00- 18:00

Tel : 2366 4622

 Email :

ISO9001 2015 Checklist Hong Kong

ISO 9001 : 2015 Checklist

This checklist gives you a tool to check the readiness of ISO 9001 Certification. This checklist addresses some key high-level requirements of ISO 9001:2015 but not all details of ISO 9001 standard.

On completion you can send the results back for analysis at

Don’t forget to check your junk mail if you don’t receive an email in your inbox

Thanks for your information.
Your submission is successful.

We will contact you within 24 hours or next working day.

If you want to contact our consultant,  welcome to click button for appointment. 

ISO 9001 Certification Hong Kong