SOC stands or Service Organization Controls, and are standards designed to assist service organizations imparting services to clients and customers.
A SOC report is issued after a third-part auditor conducts a through examination of an organization to verify that they have an effective system of controls related to security, availability, processing integrity, confidentiality and privacy.
SOC 1 is a control report for service organizations, which pertains to internal control over financial reports.
SOC 2 is a report using the existing SysTrust and WebTrust principles. This report evaluates the business information system that relates to security, availability, processing integrity, confidentiality, and privacy.
SOC 3 is also based on SysTrust and WebTrust principles but focused around general use report.
Our penetration testing methodology is as follows: