SOC 2 was developed by the American Institute of CPAs (AICPA) and sets criteria for how a service organization manages customer data, based on five ‘trust service principles’ (now formally the Trust Services Criteria): security, availability, processing integrity, confidentiality, and privacy. Security is the mandatory baseline for every SOC 2 engagement; an organization selects which of the remaining four principles are in scope based on the services it provides, and builds and operates controls that address each selected principle. A SOC 2 report is an independent auditor's evaluation of whether the organization's specific processes and business practices meet the criteria for the principles in scope.
The purpose of a SOC 2 report is to give customers demonstrable, third-party evidence of how the organization manages their data and of the controls that keep that data secure and prevent it from being disclosed to unauthorized parties.
The British Standards Institution (BSI) conducted a thorough audit of the internal control framework at QX and vetted the system and organization controls we have deployed against the five trust principles. The resulting SOC 2 report provides detailed information on, and assurance about, the controls in place at QX for the security and availability of our systems, the processing integrity of the systems that handle client data, and the confidentiality and privacy of all data processed.
The audit determined that QX is a SOC 2 Type II compliant organization. In SOC 2 parlance, a Type I report describes the organization's system and assesses whether its controls are suitably designed and implemented to meet the relevant trust principles at a single point in time. A Type II report goes one step further: the auditor also tests whether those controls operated effectively over a defined review period (typically six to twelve months), so it provides evidence of sustained operation rather than design alone.