SOC (Service Organization Control)

Regardless of the products they offer or the industries they serve, there’s one thing all software companies have in common: the responsibility of securing user data. With the advancing threat landscape, ensuring that an organization’s software remains as secure, available, and confidential as is available on the market has become more difficult.

Security Operations Center (SOC) is now an essential part of protection plan and data protection system that reduces the level of exposure of information systems to external and internal risks. SOC will allow companies to have better visibility on their environment, have skills, processes and continuous improvement. With regular attacks, many organizations are refocusing their security efforts on prevention and detection.
This standard is formed by American Institute of Certified Public Accountants (AICPA). IN this standard C, P, I, A, S principles [Confidentiality, Privacy, Integrity, Availability and Security] are addressed. Depending on the client’s business requirements an auditor can choose any of the above principles.
SOC has two main audits SOC 1 and SOC 2 which are further elaborated as Type 1 and Type 2.

• SOC 1- Type 1 and Type 2
• SOC 2- Type 1 and Type 2

SOC - 1- This audit is applicable to financial controls established by the organization for application or product.
SOC – 2- This audit is applicable for controls used by organization to establish C, P, I, A, S. In Type 1- Auditor audits the current controls as per AICPA standards.
In Type 2- Auditor audits current controls established by the organization as per AICPA and they are being governed over the last 6 months.
Socialbubbles helps you to meet regulation requirements that require security monitoring, vulnerability management, or an incident response function.