SOC 2 Type II — trust services criteria attested.

The AICPA SOC 2 framework attests to a service organisation's controls relevant to the Trust Services Criteria (TSC): Security (mandatory), Availability, Processing Integrity, Confidentiality, and Privacy. Type II reports cover operating effectiveness over a period (typically 6-12 months); Type I reports cover design at a point in time.


What SOC 2 covers.

TSC 2017 (revised 2022) — common criteria across all categories plus category-specific criteria.

Common criteria (CC1-CC9) — control environment, communication + information, risk assessment, monitoring, control activities, logical + physical access, system operations, change management, risk mitigation.

Additional criteria — Availability (A1.1-A1.3), Processing Integrity (PI1.1-PI1.5), Confidentiality (C1.1-C1.2), Privacy (P1-P8).

Type II — operating effectiveness over the audit period, attested by an independent CPA firm.


How TeamSync addresses SOC 2.

1. Annual SOC 2 Type II report.

TeamSync's SOC 2 Type II report covers Security + Availability + Confidentiality + Privacy trust services criteria; report available under NDA.

2. Continuous-control monitoring.

Controls are evidenced continuously rather than rebuilt before each audit, which reduces the audit-period scramble.

3. Sub-service organisation handling.

Sub-service organisations (cloud infrastructure providers) covered via inclusive method or carve-out method as documented.

4. Customer-facing artefacts.

SOC 2 Type II report; bridge letter for inter-period gap; control summary; sub-processor list; security whitepaper.

5. Customer audit access.

Customer auditors can review reports + ask follow-up questions per the report's user-entity criteria.


What customers see.

Aspect | TeamSync coverage
--- | ---
Security TSC | Covered
Availability TSC | Covered
Confidentiality TSC | Covered
Privacy TSC | Covered
Processing Integrity TSC | Selectable per scope
Type II report | Annual
Bridge letter | Available
Sub-processor list | Maintained

Adjacent rules + frameworks served.

  • SOC 1 — financial-reporting controls (separate report)
  • SOC 3 — public-summary version
  • ISO 27001:2022 — international parallel
  • HITRUST CSF — healthcare-extended
