SOC 2+

Service Organization Control 2 is an industry-leading reporting standard, defined by the American Institute of Certified Public Accountants (AICPA), that is both easily understood and trusted by customers and their third-party auditors. A SOC 2 report reflects the controls of a service organization’s cloud offering relevant to its main pillars: security, availability, processing integrity, confidentiality, and/or privacy. This globally applicable compliance framework is relevant to all organizations that store customer data in the cloud. There are a few different types of SOC 2 attestation reports: SOC 2 Type 1, SOC 2 Type 2, and SOC Plus (SOC +).

  • SOC 2 Type 1

    SOC 2 Type 1 is an attestation report that focuses on the description of a service organization's system and the suitability of the design of its controls at a specific point in time.

  • SOC 2 Type 2

    SOC 2 Type 2 goes a step further than Type 1. It assesses not only the design of the systems and corresponding controls (as in Type 1) but also the operational effectiveness of those controls over a specific review period, typically six months to a year. This report gives a historical view of the organization’s data management over time, adding a layer of assurance about how controls have been operating.

  • SOC 2+

    SOC 2+ or SOC 2 “Plus” represents an additional level of certification against an expanded control set, including control alignment against the HIPAA Security Rule, and additionally maps product controls to key controls for GDPR, PCI DSS, and UK NCSC Cloud Security Principles.

SOC 2+ Compliant Offerings

The Palo Alto Networks cloud offerings and services listed below have received a SOC 2+, which means a SOC 2 Type 2 with additional HIPAA compliance included: