What is a SOC2 audit report?

Learn more about this type of report and how to use it to ensure your company’s digital safety and security.

If you own or manage a company that stores and processes sensitive information, you’ll need to make sure that the service provider for your company is SOC2 compliant. This is a mandatory requirement for all technology-based services and is checked periodically by third-party audits. Let’s dive deeper into what this means for your company.

What are SOC reports?

Pronounced like “sock,” this acronym stands for Service Organization Control and refers to specific reports from an independent third party. These reports help companies establish trust in their service providers.

A SOC 2 report, in particular, focuses on five areas of service delivery: security, availability, processing integrity, confidentiality, and privacy.

For example, say that you manage a hospital system. You’ll want to make sure that patient information is safe, secure, and confidential at all times — but also, allow it to be accessed by appropriate medical personnel when necessary. This includes medical details as well as sensitive personal information like digital signatures, social security numbers, credit card details, and more.

To achieve this level of security, you’ll need a trusted service provider. Once a service provider is established, a third party will periodically run audits to ensure that your provider is keeping the information safe and secure. In short, this third party makes sure service providers are compliant.

Types of SOC 2 reports.

The third party may use two types of SOC 2 reports for auditing: SOC 2 Type 1 and SOC 2 Type 2. Here’s what that means:

Learn more about keeping documents and signatures safe. Take a moment to discover everything that’s possible with Adobe Sign today.