What is SOC 2?
Service and Organization Controls 2
Service and Organization Controls 2 (SOC 2) is an assessment of the procedures and control processes in an IT organization, and an international standard for collecting and exchanging information. The standard was established by the American Institute of Certified Public Accountants (AICPA). It defines data management criteria across five key areas: security (both physical and logical), availability, processing integrity, confidentiality and privacy.
SOC 2 is an audit procedure that results in a report detailing how your service provider manages your entrusted data.
SOC 2 consists of two report types:
- Type 1 – describes the information security management system and assesses its design against the standard's checkpoints.
- Type 2 – assesses whether the information security management system actually works in practice, with evidence of how the security measures operated over a specific period of time (a minimum of 6 months).
SOC 2 Requirements
The security area covers the procedures, policies and instructions designed to protect against unauthorised access to data at both the physical and the logical level.
Well-designed access control allows you to protect your data from theft, unauthorized change, deletion or disclosure.
Beyond.pl has a set of safety regulations and procedures in place carried out by physical security personnel with many years of operational experience in uniformed services, supported by access control systems and 24/7 video surveillance. The IT layer is protected by a modern network, cryptographic solutions and a set of good practices in protecting against unauthorised access to sensitive information.
The availability area concerns the process solutions designed to ensure the continuity of site operations and of the services provided.
It assesses the protective measures against loss of power, cooling and connectivity, the tools for monitoring environmental risks, and the plans for when a risk materialises (Business Continuity Plans).
The processing integrity criterion answers the question of whether the organisation uses appropriate means to ensure the integrity of the data it processes. In other words, whether the service provider prevents accidental corruption of data during reading, writing, transmission or storage, whether data processing itself does not introduce errors, and, if errors do occur, whether they are detected and corrected within a reasonable time.
The confidentiality area focuses on the solutions that ensure the data processed by Beyond.pl is not shared with or disclosed to unauthorised persons, processes or other entities. As part of ICT security, confidentiality is ensured through encryption and access control.
The privacy criterion helps to assess how the service provider organisation handles personal data and whether that handling could give rise to violations.
What Organisations are SOC 2 Standards for?
Service and Organization Controls 2 is an independent opinion on the standards in place at the Beyond.pl Data Center, your current or future service provider. Such an evaluation of procedures and processes is not mandatory, but as a data center we want to provide data center services at the highest level and to have this confirmed to our customers by the positive opinion of independent experts.
SOC 2 standards apply to companies and organisations that process any type of sensitive customer data. Examples of such organisations are:
- financial services
- banks and financial institutions
- insurance companies
- sales and retail businesses
- online stores and ecommerce websites
- production companies
- SaaS services