SOC 2 (Type II)
The SOC 2 report is intended to meet the need to understand internal controls at a service organization as they relate to security, availability, process integrity, confidentiality, and privacy.
LoginRadius is SOC 2 Type 2 audited and certified.
A SOC 2 audit gauges the effectiveness of a CSP’s system, based on the AICPA Trust Service Principles and Criteria. SOC 2 reports specifically address one or more of the following five key system domains:
- Security—The system is protected against both physical and logical unauthorized access.
- Availability—The system is available for operation and use as committed or agreed.
- Processing integrity—System processing is complete, accurate, timely, and authorized.
- Confidentiality—Information designated as confidential is protected as committed or agreed.
- Privacy—Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA.
SOC 2 involves the same types of technical and operational controls that the above compliance profiles do. However, the SOC 2 process also includes a very formal requirement for "corporate" policies and procedures: service organizations must have documented policies and procedures in place, in particular information security and operational policies.
While LoginRadius has all of these policies in place, a SOC 2 audit requires a detailed checklist. For each paragraph of the policies and procedures, the company must show evidence of adhering to them, in changelogs, meeting minutes, design documents, and bug reports. The company must also show that these processes have been followed for some time, usually six months.