Service Organization Control 2 definition

Service Organization Control 2 or “SOC 2” means the internal controls in place at the third-party service organization. For a company to receive SOC 2 certification, it must have sufficient policies and strategies that satisfactorily protect the client’s data.

Split View

AI-Powered Contracts

Draft, Review & Redline at the Speed of AI

Get StartedBook a Demo

Service Organization Control 2 or “SOC 2” means the internal controls at the third-party service relevant to security, availability, processing integrity, confidentiality, or privacy for a company to receive SOC 2 certification, it must have sufficient policies and strategies that satisfactorily protect the client’s data.

Examples of Service Organization Control 2 in a sentence

• Okta will conform with security protocols which are further described in Okta’s most recently completed Service Organization Control 2 (SOC 2) audit reports or other similar independent third-party annual audit report (“Audit Report”).

• Such security program will conform to the Security Exhibit attached as Exhibit A, and is further described the most recent Service Organization Control 2 (SOC2 Type II) (or substantially similar industry standard report).

• Such Security Program will conform with the Okta security protocols which are further described in Okta’s most recently completed Service Organization Control 2 (SOC 2) audit reports or other similar independent third party annual audit report (“Audit Report”).

• The data importer also regularly undergoes Service Organization Control 2 (SOC 2) Type II audits.

• Okta will conform with security protocols which are further described in Okta’s most recently completed SSAE18, or successive standard, Service Organization Control 2 (SOC 2) audit reports or other similar independent third-party annual audit report (“Audit Report”).

• Zadara has completed Service Organization Control 2 (SOC 2) Type II and ISO 27001 audits for the Services, which were conducted by an independent auditor that evaluated the design and effectiveness of Zadara security policies, procedures, and controls.

• Box’s Service Organization Control 1 (SOC1) and Service Organization Control 2 (SOC2) Type II audit reports (or substantially similar industry-standard reports) (collectively referred to as “Audit Reports”) further describe Box’s safeguards and measures.

• Box’s Service Organization Control 1 (“SOC1”) and Service Organization Control 2 (“SOC2”) Type II audit reports (or substantially similar industry- standard reports) (collectively referred to as “Audit Reports”) further describe Box’s safeguards and measures.

• Notwithstanding the foregoing, solely with respect to audits for information security purposes only, if Contractor’s operations related to the services are covered by an active HITRUST Certification, Service Organization Control 2 (“SOC 2”) report or other third-party assessment (a “Third Party Assessment”) then KHS agrees to accept the Third- Party Assessment in lieu of an audit and as evidence of Contractor’s compliance with any security controls or requirements.

• GOC-0241 GOC Respond timely to information request associated with the AICPA - Service Organization Control 2 (SOC 2), Type II audit at the end of each Operational Contract Year to provide assurance related to data security, availability, processing integrity, confidentiality, and privacy, and provide the results of each audit to HHSC as soon as is practicable upon completion.