The SOC 2 trust principles are criteria based provisions consisting of what’s technically known as the Trust Services Principles (TSP), which consist of the following:
- The security of a service organization's system.
- The availability of a service organization's system.
- The processing integrity of a service organization's system.
- The confidentiality of the information that the service organization's system processes or maintains for user entities.
- The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.
Additionally, the SOC 2 Trust Principles are part of the AICPA Service Organization Control (SOC) framework, which allows for three (3) reporting options – SOC 1, SOC 2, and SOC 3. SOC 2 has quickly become the de facto assessment standard for technology oriented service organizations – and rightfully so – as data centers, SaaS entities, software development organizations, and many other businesses, are an ideal fit for the SOC 2 framework. The SOC 2 Trust Principles, which have been revised for reporting periods on or after December 15, 2014, now are structured in the following manner (7 general areas):
- Organization and management
- Risk management and implementation of controls
- Monitoring of controls
- Logical and physical access controls
- System operations, and
- Change management
What’s interesting to note about the changes are the mandates for “Risk management”, which has become one of the most important elements of today’s growing regulatory compliance initiatives. NDNB provides a complimentary SOC 2 Policy Packet containing dozens of information security and operational specific policies, procedures, forms, checklists – and more – as part of every SOC 2 assessment performed by us. This is important to note because information security policies and procedures a large part of SOC 2 compliance, and developing them can take considerable time and effort. It’s why NDNB includes a complimentary SOC 2 Policy Packet for every client. Learn more about NDNB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.