Service Organization Control (SOC) 2 Report

Cyber Espial undergoes SOC 2 Type II audit annually to demonstrates our commitment to security, availability and confidentiality standards in the industry. It verifies that Cyber Espial’s security controls are in accordance with the AICPA Trust Services Principles and Criteria.

A SOC 2 audit gauges the effectiveness of a system, based on the AICPA Trust Service Principles and Criteria. SOC 2 reports specifically address one or more of the following five key system domains:

  • Security—The system is protected against both physical and logical unauthorized access.
  • Availability—The system is available for operation and use as committed or agreed.
  • Processing integrity—System processing is complete, accurate, timely, and authorized.
  • Confidentiality – Information designated as confidential is protected as committed or agreed.
  • Privacy—Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA.

SOC 2 involves the same types of technical and operational controls that the above compliance profiles do. However, the SOC 2 process includes a very formal requirement for “corporate” policies and procedures. More specifically, SOC 2 lays out requirements for service organizations around having documented policies and procedures in place, specifically information security and operational policies.