Availability
SOC2 (System and Organization Controls 2) is a type of audit report that evaluates a company's information systems' effectiveness in meeting the Trust Service Criteria (TSC) established by the American Institute of Certified Public Accountants (AICPA).
One of the five Trust Service Criteria is availability. The availability principle requires that the system, product, or service being audited is available for operation and use as committed or agreed upon with the customer or user.
To meet the availability criteria, the following principles need to be considered and met:
Meeting these principles ensures that the system, product, or service being audited is reliable, available, and secure, which enhances trust and confidence in the organization's operations.
One of the five Trust Service Criteria is availability. The availability principle requires that the system, product, or service being audited is available for operation and use as committed or agreed upon with the customer or user.
To meet the availability criteria, the following principles need to be considered and met:
- Availability: The system, product, or service must be available for operation and use as agreed upon with the customer or user. This includes ensuring that the system is accessible and functioning correctly.
- Processing Integrity: The system must process authorized transactions completely, accurately, timely, and securely. This includes ensuring that the system does not lose, duplicate, or corrupt data.
- Confidentiality: The system must protect confidential information from unauthorized access, disclosure, or modification. This includes ensuring that only authorized individuals have access to the data.
- Privacy: The system must collect, use, retain, disclose, and dispose of personal information in accordance with the organization's privacy notice, as well as with the criteria set out in the generally accepted privacy principles.
- Security: The system must protect against unauthorized access, use, disclosure, modification, and destruction of the data. This includes ensuring that the system is resilient to attacks and unauthorized access.
Meeting these principles ensures that the system, product, or service being audited is reliable, available, and secure, which enhances trust and confidence in the organization's operations.
