GET IN TOUCH
Dot.Bit d.o.o.
Corporate address
Stubička ulica 48a
10110 Zagreb
Email: info@dotbit.eu
PCI SSC and the payment brands
Back in 2011, the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA) created a set of Service Organisation Controls (SOC) and the corresponding assessments, which include assessments of financial controls (SOC 1, formerly SAS70) and assessments of service providers' controls for managing customer data (SOC 2 and SOC 3).
SOC 2 is specifically intended for service providers storing and processing customer data in the cloud, which covers most SaaS companies. SOC 2 compliance is a minimal requirement when considering a cloud-based service provider.
SOC 2 defines criteria for managing customer data based on five Trust Services Principles and Criteria (TSPs) – relevant to
Both SOC1 and SOC2 reports can be issued either as Type I or Type II, where;
Identifying your attestation requirements, the associated scope and the relevant TSPs is the place to start. Every organisation should establish, adopt and adhere to a set of information security policies and associated procedures relevant to the security, availability, processing integrity, confidentiality and privacy of customer data.