Compliance with the SOC 2 Standard

In the absence of a strong federal privacy regulation in the United States, SOC 2 has become a popular voluntary framework for evaluating how well service providers protect customer data. Developed by the American Institute of CPAs (AICPA), Systems and Organization Controls 2 (SOC 2) is a voluntary standard adopted by technology and cloud computing companies to demonstrate data privacy compliance. It is based on a recognized set of Trust Services Criteria and specifies how organizations should manage client data to ensure security, availability, confidentiality, processing integrity, and privacy.

Thales cybersecurity solutions help organizations implement and demonstrate the technical and organizational controls required by the SOC 2 Trust Services Criteria, particularly where sensitive, personal, or regulated data is processed across cloud, hybrid, and AI environments.

Identify and Manage Risks

Gain visibility, control, and insight over risks to sensitive data and assets.

Automate Protection

Protect applications, data, and identities automatically based on policy across hybrid IT.

Mitigate and Respond to Attacks

Monitor for abnormal activities and mitigate attacks in real time.

WHITE PAPER

Cybersecurity Compliance with System and Organization Controls 2 (SOC 2)

Thales’ solutions simplify compliance and automate security, helping organizations address essential SOC 2 control requirements spanning application security, data security, and identity and access management.


What is the Systems and Organization Controls 2 (SOC 2)?

Systems and Organization Controls 2 (SOC 2) is a framework and audit process created by the American Institute of Certified Public Accountants (AICPA). SOC 2 evaluates an organization’s ability to securely manage sensitive data. By undergoing a SOC 2 audit, performed by a certified CPA, an organization can demonstrate it has effective controls to protect customer data and systems, reducing risk for customers and partners.

Other key data protection and security regulations

PCI HSM

Global

MANDATE | ACTIVE NOW

The PCI HSM specification defines a set of logical and physical security compliance standards for HSMs specifically for the payments industry. PCI HSM Compliance certification depends on meeting those standards.

DORA

Global

REGULATION | ACTIVE NOW

DORA aims to strengthen the IT security of financial entities to make sure the financial sector in Europe is resilient in the face of the growing volume and severity of cyber-attacks.

Data Breach Notification Laws

Global

REGULATION | ACTIVE NOW

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.

GLBA

Americas

REGULATION | ACTIVE NOW

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
