Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.
Recently, we have noticed that clients of service organizations are asking for a “SOC” report in general, and not necessarily specifying which type of report they are looking for [i.e., SOC 1 (f. SSAE 16), SOC 2, or SOC 3].
Some of our clients occasionally ask us when it is a good idea to get a SOC 3 report. The answer for most companies is that a SOC 3 is not necessary.
On December 15, 2014, the new SOC 2 Common Criteria took effect. What does that mean for your SOC 2 audit?