SOC Compliance
The SOC 2 certification requires that the service organization provide a description of its system. The description includes the service provided, control objectives, supporting process, policies, procedures, personnel and operational activities that constitute the organization’s core activities relevant to its customers.
It also requires a written assertion by management to assert that the system description and control objectives included therein are a fair representation. The service auditor performs an audit of the process and policies in place and obtains evidence about the fairness of the presentation of the description based on the description criteria and the suitability of the design of those controls to meet the applicable trust services criteria. After a lengthy audit process the auditor certifies that the controls stated in the description were suitably designed to provide reasonable assurance that the applicable trust services criteria is met.
|