There are a few tools that can be used when assessing a cloud service provider, and a SOC 2 report is one of them. If a cloud provider or vendor has a SOC 2 report available, it can be extremely useful to understand the company's controls when it comes to security, availability, processing, integrity, confidentiality and privacy. If the third party cannot provide a SOC 2 report, it's possible that they haven't had an assessment performed, or that they're not willing to disclose this data.
It's always best to receive a Type 2 SOC 2, but many vendors might send over a SOC 3 to prove that work has been completed. The Type 2 SOC 2 report will not only review the controls in question, but will go into detail on the effectiveness of the controls. If possible, try to get a Type 2 SOC 2 from the vendor as a first step. Read more at the link below:
http://searchcloudsecurity.techtarget.com/answer/How-can-enterprises-use-SOC-2-reports-to-evaluate-cloud-providers
No comments:
Post a Comment