On one hand there is "Security Operations Centre", but SOC is seemingly also used in the reporting and certification domain; where does this come from? Are there other definitions of SOC in Information Security Compliance Certification, or do these terms just reference it as a way to describe practices that need to be in place in a given IT division? The question comes from trying to determine what SOC "Level" Report I should request from a third-party vendor to my organization.
- I googled "SOC "Level" Report I" and got the definitions you are looking for, including what SOC stands for in this context. – schroeder Mar 01 '21 at 15:49
- Yes, definitely a very google-able question. Shall I remove it? – PlasticCasio Mar 01 '21 at 15:55
1 Answer
There are at least two meanings of the acronym SOC, completely unrelated:
- Security Operations Center
- System and Organization Controls
Whenever you see "SOC <Number>", like SOC 1 or SOC 2, that means System and Organization Controls, which is a complex and well-defined set of audit requirements. The different SOC levels are defined by the AICPA as a standard for audits.
In general, when performing due diligence on a third party vendor, a SOC 2 report is asked for:
A SOC 2 audit examines and reports on a service organization’s internal controls relevant to the security, availability, processing integrity, confidentiality and/or privacy of customer data.
gowenfawr