A SOC 2 report is issued by an independent, third-party CPA (Certified Public Accountant) firm. The process involves an extensive examination of the company’s internal controls and security practices. Once the auditor has completed their review and gathered enough evidence, they issue an ‘Attestation Report.’
This report contains the auditor’s formal opinion on whether the companyâs controls are designed and operating effectively.
Because the AICPA governs the standards for these reports, they are recognized as highly credible documents across the business world. The ‘issuer’ acts as a neutral referee who verifies that the companyâs security claims match the reality of their daily operations.