What does SOC 2 report and why is it so important?



SOC stands for “System and Organization Controls”. A SOC 2 report is designed to provide assurances about the effectiveness of controls in place at a service organisation that are relevant to the security, availability, or processing integrity of the system used to process clients’ information, or the confidentiality or privacy of that information.

Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services. These reports are issued by independent third-party auditors.

What does SOC 2 Mean for Admincontrol?

SOC 2 reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. The SOC 2 report provides an independent assessment of Admincontrol’s security and privacy control environment. The assessment includes a description of the controls, the tests performed to evaluate them, the results of these tests, and an overall judgement of the design and operational effectiveness

What`s the scope?

Admincontrol`s SOC 2 Type 2 Report covers the AICPA’s the Trust Services Principles and Criteria for secure data processing and storage. Demonstrating proficiency across these criteria is an attestation to the following security principles:

Security: the system is protected against unauthorized access, both physical and logical
Availability: the system is available for operation and use as committed or agreed
Confidentiality: information designated as confidential is protected as committed or agreed

How is Soc 2 type different than type 1?

While a Type 1 report highlights policies and procedures for ensuring the Trust Factor Criteria, the Type 2 process require a full 12-month audit period by a third party. In other words, a Type 1 report is a point in time measurement, while the Type 2 report is proving that these policies and procedures are followed, supported by hard evidence, in a 12 months reporting window. Admincontrol has chosen Deloitte Norway as their assurance partner for performing and issuing the SOC 2 report. Deloitte is one of the “Big Four” accounting organisations and the largest professional services network in the world consisting of thousands of dedicated professional.

Why have the Soc 2 report in place?

At Admincontrol we take security seriously. An important aspect for our clients is that they can trust that we have taken all necessary measures to protect the information processed in our service offering. In addition to our ISO 27001:2013 certification the SOC 2 Type II report provide additional verification and detailed descriptions of the applied security controls in place at Admincontrol.

Who gets access to the report?

Due to the nature of the report and detailed information of security controls, access to the report is only possible for existing customers or prospects and require a signed Non-Disclosure Agreement (NDA) prior to granting access.

If you require access contact your Admincontrol Account Manager.