SOC – Cloud assurance compliance


SOC (Service Organization Controls) is the reporting standard for the “Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy”.

The SOC standard is divided into three categories:

  • SOC1: a pure replacement of the SAS70 standard, providing assurance for companies where the audited services are an essential part of financial activities (ICFR: Internal Control over Financial Reporting)
  • SOC2: Assurance on compliance with controls of underlying standards which are relevant to the organisation’s activities
  • SOC3: Assurance on compliance based on GAPP (Generally Accepted Privacy Principles)

SOC2 has no direct relation to the relevant information security standards ISO27001 and/or PCI-DSS-2.0.