A typical SOC 2 report examines the internal controls of an organization that relate to the five security criteria: security, availability, confidentiality, process integrity, and privacy. However, there is another kind of report with additional security requirements: SOC 2 Plus.
What Sets It Apart?
A SOC 2 Plus report covers all of the same criteria, adds further criteria, and allows other certifications to be completed at the same time.
Some of the additional criteria required include:
- Description of the physical characteristics of a service organization’s facilities
- Historical data related to the availability of computing resources and past security controls
- Details of how security controls help an organization meet HIPAA requirements
- Details of how security controls address the Cloud Security Alliance’s Cloud Controls Matrix
Along with these general additions to the criteria, there is also the opportunity to obtain several other certifications during the SOC 2 Plus process, such as:
- HITRUST
- ISO 27001/2
Who Needs A SOC 2 Plus?
This type of report is a great option for organizations that need to complete several security certifications at once and for organizations that need the highest possible level of security compliance. An organization that works with extremely sensitive data may need to complete this certification.
If you would like to learn more or get started on your next SOC Audit, contact us today!