Glossary
SOC 2, or System and Organization Controls 2, is an established auditing standard created by the American Institute of Certified Public Accountants (AICPA). A SOC 2 report serves as evidence for a service organization – a company that provides services to businesses and handles their data – that it has the internal controls in place to protect its customers' data.
A SOC 2 report is similar to a trusted stamp or seal that makes it clear that the service provider takes data security seriously and operates in a trustworthy manner. It goes beyond a "check the box" type of certification, with a detailed report from an independent auditor explaining how a service organization's systems and processes manage customer data in accordance with specific, crucial criteria. This is important in an increasingly cloud-first world, where businesses outsource important functions to third-party vendors that are entirely responsible for key components of their businesses like data storage, Software as a Service (SaaS), managed IT, etc.
The Five Trust Services Criteria:
The Trust Services Criteria (TSCs) are critical criteria that govern SOC 2 audits. When obtaining a SOC 2 report, organizations select the relevant Trust Principles for their service and demonstrate that they have sufficient controls in place to satisfy criteria related to those Trust Principles. The following are the five Trust Principles:
Security (Mandatory): This is the base level and required criterion. Security states that information should be protected, and there should be controls in place to not allow unauthorized access to, use of, or disclosure of, information; or damage to systems that affect availability, integrity, confidentiality, and privacy. Security focuses on technical controls, and examples could include firewalls, intrusion detection, multi-factor authentication, and access controls.
Availability: Availability indicates whether a system's products or services are available for operation and use as promised or according to the engagement. Availability encompasses several sub-components - network uptime, performance monitoring, and disaster recovery plans.
Processing Integrity: Processing integrity indicates whether the system's processing is complete, valid, accurate, timely, and authorized. Processing integrity provides the user assurance that information has been processed properly throughout its lifecycle.
Confidentiality: Confidentiality refers to the protection of information that has been specifically described as confidential, to limit access to and sharing of these pieces of information to a limited set of persons or organizations. Confidential information can include business plans, intellectual property, or internal financial information.
Privacy: Privacy refers to the organization's collection, use, retention, disclosure, and disposal of personal information, and was done in accordance with the organization's privacy notice and AICPA generally accepted privacy principles. This applies strictly to Personally Identifiable Information (PII).
SOC 2 Report Types - Type 1 vs. Type 2
SOC 2 audits have two types of reports, which provide different levels of assurance:
SOC 2 Type 1 Report: A Type 1 report is a snapshot in time. The report represents the service organization's system, and evaluates the reasonableness of its controls design as of a timeframe. Essentially, any controls in place are designed in a way which will reasonably support the relevant TSCs.
SOC 2 Type 2 Report: A Type 2 report is much more complex. It evaluates not only the suitability of the design of controls but also examines and reports on their operational effectiveness over time, usually 3 to 12 months. A Type 2 report provides a greater level of assurance because it tells the reader that the controls have been working as intended and consistently.
Why SOC 2 Compliance Matters for Trust and Business Growth
For many businesses currently operating, particularly ones that do business in sensitive data, leverage cloud services, or are in a Software as a Service (SaaS) world, SOC 2 compliance is no longer a "nice-to-have" but a "have-to-have" for their business to be successful.
Why getting SOC 2, and maintaining SOC 2 is important:
Builds Trust From Customers: After all of the data breaches happening these days, customers want to know that their sensitive data is going to be safe. A SOC 2 report, especially a Type 2 report, serves as independent assurance of the organization's commitment to security and privacy, and will increase customer confidence to do business with that organization.
Commercial Advantage: Having a SOC 2 report differentiates a service organization from their competitors. Many larger enterprises and security-conscious client organizations have SOC 2 compliance as a pre-requisite for doing business.
Supporting Strong Security: The nature of the audit process that leads to SOC 2 compliance obligates organizations to identify their vulnerabilities, state their security policies, and invest in strong cybersecurity practices which increases the overall security posture of their organization.
Vendor Management: For businesses that leverage vendors (service organizations) to run their business, if they have a SOC 2 report it can simplify their vendor due diligence, and provide a baseline standard when reviewing the security controls applied to their vendors.
Supports Other Compliance Processes: The controls needed to achieve SOC 2 compliance overlap with the logic of other regulatory frameworks such as HIPAA, GDPR, or DPDPA; thus decreasing overall compliance burden.
Identifying Risks and Reducing Breaches: By continuously evaluating and managing risks to the TSCs, the organization is able to continually identify their weaknesses and deploy controls to prevent issues and compromises such as, but not limited to, breaches, unauthorized access, and other incidents by identifying risks to the organization and operational controls that need to be in place.
Increased Operational Efficiency: The vast majority of the time necessary to get ready for a SOC 2 audit is invested in improving their documentation, processes, and more formalized internal controls which will drive operational efficiencies and consistency.
With ReShield’s identity security platform, it either directly helps organizations to achieve and support SOC 2 compliance, especially in the case of the mandatory Security criterion, often the Confidentiality criterion and Privacy criterion; with the identity security controls needed for Least Privilege Access (LPA), availability for lifecycle administration for human and machine identities, Separation of Duties (SoD), audit trails, and continuous visibility on who can access what data. All critical controls for SOC 2 auditors to provide "reasonable assurance" as to protecting sensitive customer data.
![](data:image/svg+xml,<svg aria-label="Vector" display="block" role="presentation" viewBox="0 0 66 13" xmlns="http://www.w3.org/2000/svg"><g d="M 9.6 0 L 6.4 0 C 6.179 0 6 0.179 6 0.4 L 6 12.174 C 6 12.327 6.088 12.467 6.226 12.534 C 6.364 12.601 6.528 12.583 6.648 12.488 L 9.848 9.961 C 9.944 9.885 10 9.77 10 9.648 L 10 0.4 C 10 0.179 9.821 0 9.6 0 Z M 4 1.889 C 4 1.398 4.398 1 4.889 1 C 4.95 1 5 1.05 5 1.111 L 5 11.111 C 5 11.602 4.602 12 4.111 12 C 4.05 12 4 11.95 4 11.889 Z M 2 3.889 C 2 3.398 2.398 3 2.889 3 C 2.95 3 3 3.05 3 3.111 L 3 10.111 C 3 10.602 2.602 11 2.111 11 C 2.05 11 2 10.95 2 10.889 Z M 0 5.889 C 0 5.398 0.398 5 0.889 5 C 0.95 5 1 5.05 1 5.111 L 1 8.111 C 1 8.602 0.602 9 0.111 9 C 0.05 9 0 8.95 0 8.889 Z M 15.78 6.036 L 15.78 9.849 L 14 9.849 L 14 0 L 17.993 0 C 20.219 0 21.611 1.029 21.611 3.018 C 21.611 4.568 20.748 5.556 19.287 5.898 L 21.861 9.849 L 19.83 9.849 L 17.395 6.036 Z M 15.78 4.526 L 17.896 4.526 C 19.176 4.526 19.858 3.978 19.858 3.018 C 19.858 2.044 19.176 1.508 17.896 1.508 L 15.78 1.508 L 15.78 4.527 Z M 25.973 10 C 23.886 10 22.425 8.477 22.425 6.255 C 22.425 4.143 23.872 2.51 25.904 2.51 C 28.018 2.51 29.145 4.088 29.145 6.063 L 29.145 6.612 L 24.025 6.612 C 24.151 7.846 24.902 8.601 25.973 8.601 C 26.794 8.601 27.448 8.189 27.671 7.449 L 29.104 7.984 C 28.589 9.246 27.434 10 25.974 10 Z M 25.89 3.896 C 25.027 3.896 24.36 4.403 24.109 5.377 L 27.462 5.377 C 27.448 4.582 26.947 3.896 25.89 3.896 Z M 29.633 8.477 L 30.885 7.49 C 31.316 8.19 32.151 8.656 33 8.656 C 33.71 8.656 34.363 8.409 34.363 7.764 C 34.363 7.147 33.751 7.078 32.596 6.845 C 31.442 6.612 30.12 6.324 30.12 4.787 C 30.12 3.471 31.289 2.51 32.972 2.51 C 34.252 2.51 35.393 3.073 35.922 3.868 L 34.795 4.87 C 34.377 4.225 33.682 3.855 32.875 3.855 C 32.193 3.855 31.748 4.156 31.748 4.636 C 31.748 5.158 32.276 5.254 33.195 5.446 C 34.433 5.706 35.991 5.967 35.991 7.613 C 35.991 9.067 34.641 10 32.986 10 C 31.636 10 30.286 9.465 29.633 8.477 Z M 37.273 9.85 L 37.273 0 L 38.943 0 L 38.943 3.416 C 39.446 2.828 40.186 2.496 40.96 2.51 C 42.49 2.51 43.409 3.553 43.409 5.103 L 43.409 9.849 L 41.739 9.849 L 41.739 5.583 C 41.739 4.691 41.378 4.047 40.459 4.047 C 39.708 4.047 38.943 4.595 38.943 5.624 L 38.943 9.85 Z M 45.085 1.687 L 45.085 0 L 46.81 0 L 46.81 1.687 Z M 46.783 2.647 L 46.783 9.85 L 45.113 9.85 L 45.113 2.647 Z M 51.626 10 C 49.539 10 48.078 8.477 48.078 6.255 C 48.078 4.143 49.525 2.51 51.556 2.51 C 53.671 2.51 54.798 4.088 54.798 6.063 L 54.798 6.612 L 49.678 6.612 C 49.803 7.846 50.554 8.601 51.626 8.601 C 52.446 8.601 53.1 8.189 53.323 7.449 L 54.756 7.984 C 54.241 9.246 53.086 10 51.626 10 Z M 51.542 3.896 C 50.68 3.896 50.012 4.403 49.762 5.377 L 53.114 5.377 C 53.1 4.582 52.6 3.896 51.542 3.896 Z M 57.72 0 L 57.72 9.85 L 56.05 9.85 L 56.05 0 Z M 62.23 10 C 60.184 10 59.016 8.299 59.016 6.255 C 59.016 4.211 60.184 2.51 62.23 2.51 C 63.176 2.51 63.871 2.88 64.33 3.416 L 64.33 0 L 66 0 L 66 9.85 L 64.33 9.85 L 64.33 9.095 C 63.871 9.63 63.176 10 62.23 10 Z M 64.372 6.05 C 64.372 4.691 63.593 3.95 62.563 3.95 C 61.353 3.95 60.699 4.883 60.699 6.255 C 60.699 7.627 61.353 8.56 62.563 8.56 C 63.593 8.56 64.373 7.805 64.373 6.475 L 64.373 6.049 Z" fill="transparent" height="12.574162748448197px" id="QLfKMvzoW" width="65.99999884033204px"><path d="M 3.6 0 L 0.4 0 C 0.179 0 0 0.179 0 0.4 L 0 12.174 C 0 12.327 0.088 12.467 0.226 12.534 C 0.364 12.601 0.528 12.583 0.648 12.488 L 3.848 9.961 C 3.944 9.885 4 9.77 4 9.648 L 4 0.4 C 4 0.179 3.821 0 3.6 0 Z" fill="rgb(0, 117, 255)" height="12.57416274844826px" id="eDniqsBDd" transform="translate(6 0)" width="4px"/><path d="M 0 0.889 C 0 0.398 0.398 0 0.889 0 C 0.95 0 1 0.05 1 0.111 L 1 10.111 C 1 10.602 0.602 11 0.111 11 C 0.05 11 0 10.95 0 10.889 Z" fill="rgb(0, 200, 255)" height="11px" id="vpxu5xc_q" transform="translate(4 1)" width="1px"/><path d="M 0 0.889 C 0 0.398 0.398 0 0.889 0 C 0.95 0 1 0.05 1 0.111 L 1 7.111 C 1 7.602 0.602 8 0.111 8 C 0.05 8 0 7.95 0 7.889 Z" fill="rgb(0, 117, 255)" height="8px" id="zrDMDG6rG" transform="translate(2 3)" width="1px"/><path d="M 0 0.889 C 0 0.398 0.398 0 0.889 0 C 0.95 0 1 0.05 1 0.111 L 1 3.111 C 1 3.602 0.602 4 0.111 4 C 0.05 4 0 3.95 0 3.889 Z" fill="rgb(0, 200, 255)" height="4px" id="k04AzW6af" transform="translate(0 5)" width="1px"/><path d="M 1.78 6.036 L 1.78 9.849 L 0 9.849 L 0 0 L 3.993 0 C 6.219 0 7.611 1.029 7.611 3.018 C 7.611 4.568 6.748 5.556 5.287 5.898 L 7.861 9.849 L 5.83 9.849 L 3.395 6.036 Z M 1.78 4.526 L 3.896 4.526 C 5.176 4.526 5.858 3.978 5.858 3.018 C 5.858 2.044 5.176 1.508 3.896 1.508 L 1.78 1.508 L 1.78 4.527 Z M 11.973 10 C 9.886 10 8.425 8.477 8.425 6.255 C 8.425 4.143 9.872 2.51 11.904 2.51 C 14.018 2.51 15.145 4.088 15.145 6.063 L 15.145 6.612 L 10.025 6.612 C 10.151 7.846 10.902 8.601 11.973 8.601 C 12.794 8.601 13.448 8.189 13.671 7.449 L 15.104 7.984 C 14.589 9.246 13.434 10 11.974 10 Z M 11.89 3.896 C 11.027 3.896 10.36 4.403 10.109 5.377 L 13.462 5.377 C 13.448 4.582 12.947 3.896 11.89 3.896 Z M 15.633 8.477 L 16.885 7.49 C 17.316 8.19 18.151 8.656 19 8.656 C 19.71 8.656 20.363 8.409 20.363 7.764 C 20.363 7.147 19.751 7.078 18.596 6.845 C 17.442 6.612 16.12 6.324 16.12 4.787 C 16.12 3.471 17.289 2.51 18.972 2.51 C 20.252 2.51 21.393 3.073 21.922 3.868 L 20.795 4.87 C 20.377 4.225 19.682 3.855 18.875 3.855 C 18.193 3.855 17.748 4.156 17.748 4.636 C 17.748 5.158 18.276 5.254 19.195 5.446 C 20.433 5.706 21.991 5.967 21.991 7.613 C 21.991 9.067 20.641 10 18.986 10 C 17.636 10 16.286 9.465 15.633 8.477 Z M 23.273 9.85 L 23.273 0 L 24.943 0 L 24.943 3.416 C 25.446 2.828 26.186 2.496 26.96 2.51 C 28.49 2.51 29.409 3.553 29.409 5.103 L 29.409 9.849 L 27.739 9.849 L 27.739 5.583 C 27.739 4.691 27.378 4.047 26.459 4.047 C 25.708 4.047 24.943 4.595 24.943 5.624 L 24.943 9.85 Z M 31.085 1.687 L 31.085 0 L 32.81 0 L 32.81 1.687 Z M 32.783 2.647 L 32.783 9.85 L 31.113 9.85 L 31.113 2.647 Z M 37.626 10 C 35.539 10 34.078 8.477 34.078 6.255 C 34.078 4.143 35.525 2.51 37.556 2.51 C 39.671 2.51 40.798 4.088 40.798 6.063 L 40.798 6.612 L 35.678 6.612 C 35.803 7.846 36.554 8.601 37.626 8.601 C 38.446 8.601 39.1 8.189 39.323 7.449 L 40.756 7.984 C 40.241 9.246 39.086 10 37.626 10 Z M 37.542 3.896 C 36.68 3.896 36.012 4.403 35.762 5.377 L 39.114 5.377 C 39.1 4.582 38.6 3.896 37.542 3.896 Z M 43.72 0 L 43.72 9.85 L 42.05 9.85 L 42.05 0 Z M 48.23 10 C 46.184 10 45.016 8.299 45.016 6.255 C 45.016 4.211 46.184 2.51 48.23 2.51 C 49.176 2.51 49.871 2.88 50.33 3.416 L 50.33 0 L 52 0 L 52 9.85 L 50.33 9.85 L 50.33 9.095 C 49.871 9.63 49.176 10 48.23 10 Z M 50.372 6.05 C 50.372 4.691 49.593 3.95 48.563 3.95 C 47.353 3.95 46.699 4.883 46.699 6.255 C 46.699 7.627 47.353 8.56 48.563 8.56 C 49.593 8.56 50.373 7.805 50.373 6.475 L 50.373 6.049 Z" fill="rgb(255, 255, 255)" height="10px" id="uSPVddIXO" transform="translate(14 0)" width="51.99999884033203px"/></g></svg>)
