SOC Standard 2

Security, accessibility, integrity, confidentiality and privacy


Service and Organization Controls 2

Service and Organization Controls 2 (SOC 2) is an assessment of procedures and control processes in an IT organization, and an international standard for collecting and exchanging information. This standard was established on behalf of the American Institute of Certified Public Accountants (AICPA). It defines data management criteria across five key areas: security (both physical and logical), availability, processing integrity, confidentiality, privacy.

What is SOC 2?

SOC 2 is an audit procedure that results in a report detailing how your service provider manages your entrusted data. SOC 2 consists of two reports:

  • Type 1 – describes the information security management system and assesses its relevance against standard checkpoints.
  • Type 2 – assesses whether the information security management system actually works (describing evidence of how security measures work over a specific period of time, minimum 6 months).

What Organisations are SOC 2 Standards for?

Service and Organization Controls 2 is an independent opinion about the standards at Data Center, your current or future service provider. It is not mandatory to evaluate procedures and processes, but as a Data Center, we want to provide data center services at the highest level and to confirm this to our customers through the positive opinion of independent experts. SOC 2 standards apply to companies and organisations that process any type of sensitive customer data. Examples of such operations are:

  • financial services
  • banks and financial institutions
  • insurance companies
  • sales and retail businesses
  • wholesale
  • online stores and ecommerce websites
  • production companies
  • SaaS services

SOC 2 Requirements

Security scope covers procedures, policies, and instructions designed to protect against unauthorized access to data at both physical and logical levels.
Well-designed access control allows you to protect your data from theft, unauthorized change, deletion, or disclosure. has a set of safety regulations and procedures in place carried out by physical security personnel with many years of operational experience in uniformed services, supported by access control systems and 24/7 video surveillance. The IT layer is protected by a modern network, cryptographic solutions, and a set of good practices in protecting against unauthorized access to sensitive information.

Availability – This area concerns process solutions designed to ensure the continuity of site operations and services provided. It assesses protective measures against loss of power, cooling, and connectivity, environmental risk monitoring tools, and plans for when risks materialise (Business Continuity Plans).

Processing integrity – This criterion answers the question of whether the organization uses appropriate means to ensure the integrity of processed data. In other words, it checks whether the service provider organization prevents accidental distortion of data during reading, recording, transmission, or storage. It also checks whether data processing gives rise to errors and, if errors occur, whether they are detected and corrected within a reasonable time.

Confidentiality – This area focuses on solutions that ensure that the data processed by is not shared or disclosed to unauthorized persons, processes, or other entities. As part of ICT security, confidentiality is ensured through encryption and access control.
Privacy – This criterion helps to assess how the service provider organization handles personal data and whether this gives rise to potential violations.
