What is Service Organization Control (SOC) and Why is It important?
26 September 2019
Today, the digital age has been transforming the nature of global business. Big or small companies must protect sensitive information about their clients, partners, employees and more. Due to the rapid advancement of cybercriminals and hacking software, data protection has become a challenging task. Hence, to defend themselves reliably, businesses are exploring new methods against potential cyber-attacks.
SOC - System and Organization Controls is a team of expert individuals in which they dedicate themselves entirely to high-quality IT security operations. A SOC seeks to detect, prevent and respond cybersecurity threats to any incident on the computers, servers and networks it oversees. Through their active surveillance and analysis, SOCs use strategic methodologies and processes to build and maintain the company’s cybersecurity defenses.
There are 3 types of SOC:
- SOC 1: Reports that provide internal information that are relevant to a company’s internal control over financial reporting.
- SOC 2: Reports provide managements description of a service organizations system and the suitability of design and operating effectiveness of controls. SOC 2 report measures controls related to IT and data center service providers, which are security, availability, processing integrity, confidentiality and privacy. SOC 2 itself is classified into two categories; Type I only report management description of controls in a single date, Type II evaluates the management description for 6-12 months to make sure the controls are operating effectively.
- SOC 3: Reports that provide the same information as SOC 2 but intended for general audience. It does not contain a description of the service auditor’s test work and results.
To gain customer trust, one of the most important features of any data center services is providing protection and security in the system organization controls. SOC 2 Type II reports are the most comprehensive certification within the systems and organization controls. A company that has achieved SOC 2 Type II certification has proven its system to keep its clients’ sensitive data secure.
DCI Indonesia has achieved the SOC 2 Type II audit which demonstrates our ongoing commitment to keep our customers’ data and systems safe. We will ensure that our facility is upholding high standards of service and has the appropriate systems and controls in place to protect our valuable data.