26. What is SOC 2 reporting and why are policies and procedures important for SOC 2 compliance and do you offer such documentation?
SOC 2 is a reporting option under the AICPA Service Organization Control (SOC) framework, which consists of SOC 1, SOC 2, and SOC 3 reporting. For SOC 2, both a Type 1 and a Type 2 report can be issued, and the professional standard for issuing SOC 2 reports is AT 101. Moreover, SOC 2 reporting incorporates the Trust Services Principles (TSP), five (5) broad-based principles that define and outline best practices relating to security, availability, processing integrity, confidentiality, and privacy. Two points about SOC 2 compliance and the TSP are important to note. First, a SOC 2 report can include any number of the TSPs for reporting purposes. Second, all of the TSP require numerous policy and procedure documents to be in place for compliance, and this often poses a challenge for service organizations, as they’ve traditionally not had a solid resource to rely on for these much-needed documents, until now.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850 pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
SOC 2 Compliance Required Policies and Procedures | Get Them Today from Us
Say hello to the Flat Iron Technologies, LLC Global Information Security Compliance Packet (GISCP) set of operational, business-specific and information security policies, procedures, and more. Not only will you receive much-needed operational and I.T. documents to help you comply with SOC 2 reporting, but you will also receive numerous other policies, procedures, forms, checklists, templates, provisioning and hardening documents, and more.
SOC 2 | Policies and Procedures are a Must for the Trust Service Principles | Download Today
As for the five (5) Trust Services Principles (TSP) that form the basis for SOC 2 (and SOC 3) reporting, there are strict requirements for numerous policies and procedures throughout the four “broad areas” of the TSP themselves. More specifically, these “broad areas” are the following: (1) Policies, (2) Communication, (3) Procedures, and (4) Monitoring. For example, under the TSP “Security”, you’ll find requirements for each of the just-mentioned four (4) “broad areas”. Clearly, with “policies” and “procedures” being two (2) of the four (4) “broad areas”, it’s easy to see why documented policies and procedures are a must for SOC 2 compliance. The GISCP set of operational and information security policies and procedures from Flat Iron Technologies, LLC will go a long way in helping develop these much-needed documents for SOC 2 reporting.