What is a SOC 2 auditor?
‍
To obtain a SOC 2 audit and report, an organization’s security measures must be reviewed and verified by a certified auditor. Only licensed CPA firms can perform a SOC 2 examination.
‍
SOC auditors are independent CPAs who work with the SOC (System and Organization Controls) suite to evaluate and report on the controls in place at a service organization, relevant to a set of criteria known as the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, or Privacy. A SOC 2 auditor’s independent verification of an organization’s security systems is intended to help service organizations provide their customers and prospects with valuable information about how they manage data and information security.
‍
Working with a CPA and certified SOC 2 auditor is a key part of obtaining a SOC 2 report.