We stay up-to-date on all required certifications, so you can dedicate your time to your business. The independently audited assurances of our compliance and commitment will provide you peace of mind.
What SOC Is
System and Organization Controls (SOC) for Service Organizations are internal control reports created by the American Institute of Certified Public Accountants (AICPA). They examine services provided by a service organization, so end users can assess and address the risk associated with an outsourced service.
The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) existing Trust Services Criteria (TSC). This report aims to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.
SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402). They both generate a report by an objective third party attesting to an organization’s assertions about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured.
A SOC 2 attestation is performed under:
- SSAE No. 18, Attestation Standards: Clarification and Recodification, which includes AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements (AICPA, Professional Standards).
- SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (AICPA Guide).
- TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, 2017 Trust Services Criteria).
At the conclusion of a SOC 2 audit, the auditor renders an opinion in a SOC 2 report. This report describes the cloud service provider’s (CSP’s) system and assesses the fairness of the CSP’s description of its controls. It also evaluates whether the CSP’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.
dxFeed’s SOC 2 audit report is available to dxFeed’s customers and prospects under NDA upon request.