The SOC Type 2 reports are divided into five principles.
Which of the five principles must also be included when auditing any of the other four principles?
The SOC Type 2 reports are divided into five principles.
Which of the five principles must also be included when auditing any of the other four principles?
Under the SOC guidelines, security is a foundational principle that must be included when auditing any of the other four principles: confidentiality, processing integrity, availability, and privacy. This ensures that a proper base of security measures is in place, supporting the integrity and confidentiality of the system being audited.
C. Security
The SOC 2 framework is built around five trust services principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. When performing an audit for any of the latter four principles, the Security principle is always a required baseline. It acts as the foundational control that underpins the effectiveness of the other areas.