Service Organization Control (SOC1 & SOC2)
SOC is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
A SOC1 report is designed to address internal controls over financial reporting, while a SOC2 report addresses a service organization’s controls that are relevant to its operations and compliance. One or both could be right for your organization.
LP3 begins with an initial assessment of your system using automated compliance software to determine which necessary controls and practices you have already implemented and which you still need to put in place.