GLOSSARY
SOC reports
Terms
What is a SOC report?
A service organization controls (SOC) report is a way to verify that an organization is following specific best practices related to protecting their clients’ data before you outsource a business function to that organization.
These best practices are related to finances, security, processing integrity, privacy, and availability. The reports, which are created and validated by third-party auditors, are built to provide independent assurance and to help potential customers/partners understand any potential risks involved in working with the organization that was evaluated.
You may decide to pursue a SOC report because you’re working to sign on a client who values security, or your own company works with sensitive data and you want to be proactive in setting up security controls.
Depending on the information needed and the types of organizations involved, there are several versions of SOC reports.
You may also hear “SOC” referring to a security operations center. That’s a separate definition and meaning that doesn’t impact your compliance obligations.
Vanta is the easy way to get SOC 2, HIPAA, or ISO 27001 compliant. Over 2,000 fast-growing companies trust Vanta to automate their security monitoring and get ready for security audits in weeks instead of months. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit. We'll guide you throughout the process and help tailor your security monitoring and compliance to meet the needs of you and your customers. Vanta was founded in 2016 and headquartered in San Francisco.
