
What Is SOC 2

November 18th, 2022

Security, Blog, Background Screening, SOC


Developed by the Association of International Certified Professional Accountants (AICPA), Service Organization Control (SOC) 2 is an auditing procedure that verifies companies have internal controls in place to protect sensitive data, and that the controls are operating continuously. Released in 2010, it quickly became a standard for software as a service (SaaS) companies and managed service providers.

SOC 2 is voluntary, so not all companies need to be compliant to operate, but if you deal with data and store data in the cloud, earning a clean audit can improve your ability to sign new clients and get ahead of the competition.

Below we break down the different designations and the benefits of becoming compliant if you aren’t already.

SOC 1 vs SOC 2

SOC 2 implies the existence of others. In total, there are three: SOC 1, SOC 2, and SOC 3, all released simultaneously in 2010 by the AICPA.

It’s worth noting that they were all developed and released at the same time because it can be easy to assume that SOC 2 is an evolution of #1, or that SOC 3 is an upgraded and more comprehensive version of the second one. But that’s not the case. Rather, each type covers something a little different.

This means that you don’t need to get #1 before getting #2, and that #3 doesn’t provide more benefits than #2.

Different Types of SOC

The table below describes the different types.

[Infographic comparing the benefits of SOC 1, SOC 2, and SOC 3]

SOC Compliance Types

Within SOC 2 (and SOC 1), there are two subtypes: Type 1 and Type 2.

SOC 2 Type 1

This type examines whether your company met the requirements for SOC 2 compliance on a specific date; it’s a snapshot in time.

Due to its short time span and smaller scope, Type 1 can be useful when working under a tight deadline. However, because it’s less comprehensive, clients may not be as interested in seeing it. They’ll likely be looking for a report that demonstrates continuous compliance over a longer period of time.

SOC 2 Type 2

This type determines whether a company has maintained continuous SOC 2 compliance over a long period of time, rather than at a specific point in time.

Typically, Type 2 reports cover several months to a year. The time frame they cover can’t exceed a year, though, which means that for a company to remain compliant, it must regularly undergo audits. When people talk about SOC 2 compliance, this is typically the subtype they’re referring to or are looking for.

SOC 2 Compliance Checklist

Is there a checklist? No, not exactly.

Because the needs of a company depend on a number of factors, including its size, customer base, industry, and processes, achieving a clean audit isn’t about meeting a standard checklist. Rather, it’s about demonstrating that you’ve implemented custom processes necessary to maintain your specific company’s security standards, and having their effectiveness and rigor validated by an outside auditor.

To achieve this level of compliance, your custom policies must be rooted in the five Trust Service Criteria:

  • Security
  • Privacy
  • Confidentiality
  • Processing Integrity
  • Availability

 

[Diagram of the five Trust Service Criteria: security, privacy, confidentiality, processing integrity, and availability]

As we outlined in this blog post that describes how background checks help SOC 2 compliance, the security principle is a mandatory TSC, whereas controls for the other principles can be included at the discretion of your management. You only need to adopt controls that apply to your business.

Why Get SOC 2 Certification

This kind of commitment to information security benefits many companies because mismanaged data can leave businesses vulnerable to growing cyber attacks and data breaches. Aside from distinguishing your brand as trustworthy and enhancing your reputation, the security controls protect your business from those threats.

Third-Party Risk Management

According to a 2022 survey of over 1,200 global security leaders, 90% of organizations reported that they’ve increased their focus on third-party risk assessment as a result of recent cyber attacks.

Competitive Advantage

SOC 2 is as recognized as ISO 27001 is in North America. In fact, some companies, especially in the United States, will only do business with partners and vendors that are certified to prove they’ve implemented security controls to protect customer data. Without it, you might miss out on revenue.

Other businesses that rely on outsourcing arrangements are also driving adoption:

  • Software as a service (SaaS)
  • Infrastructure as a service (IaaS)
  • Platform as a service (PaaS)
  • Managed service providers

 

By nature, early-stage startups have smaller security teams, so having SOC can set you apart as a trustworthy partner.

Follow Regulations

Regulated industries undergoing major flux due to technological innovation, like healthcare, financial services, and education, are likely to benefit from certification because it gives investors, partners, vendors, and customers extra assurance.

Compliance Automation - The Certn Difference

Compiling the documentation you need and putting in place continuous IT vendor monitoring can be daunting. Fortunately, there are leading information security platforms designed to make the process as easy as possible. Even better? Certn’s open API easily integrates with many of them.

We've partnered with industry leaders to integrate background checks into their platforms, making it easier to keep track of all your compliance efforts. One of our partners, Drata, offers a compliance solution that features automated monitoring and evidence collection that alert you of any failed controls—like incomplete background checks—to keep you audit-ready at all times.

If you’re ready to get started on the background checks required to achieve SOC 2 compliance, book a demo to learn more about how Certn and our partners can help.
