You just received a SOC 2 report, what are you supposed to look at?

Learn the important details to look for when reading your customers' or vendors' SOC 2 reports.

SOC 2 has become the de facto standard for businesses in all industries to build trust and unlock sales. Most security professionals have experienced a SOC 2 audit and understand the details of what goes into earning these coveted reports.

When companies receive SOC 2 reports, uncovering the critical details is challenging. SOC 2 reports help companies evaluate the security risks of their vendors and validate that those vendors have basic security practices in place to protect sensitive information. This article will help demystify what to look for when receiving a SOC 2 report and where to find technical details and security configurations.

Sections of the SOC 2 report

In most SOC 2 reports, you will find four sections and an optional fifth section:

Read the full article on the SANS website
