SOC 2 has become the de facto standard for businesses in all industries to build trust and unlock sales. Most security professionals have experienced a SOC 2 audit and understand the details of what goes into earning these coveted reports.

 

When companies receive SOC 2 reports, it is challenging to uncover the critical details. SOC 2 reports help companies evaluate the security risks of their vendors and validate that your vendors have basic security practices in place to protect your sensitive information. This article will help demystify what to look for when receiving a SOC 2 report and where to find technical details and security configurations.

​

Sections of the SOC 2 report

In most SOC 2 reports, you will find four sections and an optional fifth section:

​

• Section 1 - Independent Service Auditor's Report

• Section 2 - Management's Assertion

• Section 3 - Description of the system

• Section 4 - Trust Services Criteria and Related Controls

• Section 5 - Other information provided by management

 

Read the full article on the SANS website