SOC 2 (Service Organization Control) is a voluntary compliance standard for service organizations: it requires having controls in place that meet industry standards for security, privacy, and more. It is a cybersecurity compliance framework developed by the American Institute of CPAs (AICPA). MOBIA has completed a third-party audit that demonstrates we have those controls in place and, over an observation period, validated that our controls are effective.
The main benefit of SOC 2 compliance for our customers is that it demonstrates that MOBIA maintains a high level of information security. The rigorous compliance requirements, which are put to the test in an audit, ensure that sensitive information is being handled responsibly.

In our SOC 2 audit report, the auditor provided a written evaluation of MOBIA's internal controls. A copy of our report is available by contacting firstname.lastname@example.org.

In addition, MOBIA is an ISO accredited organization, holding an ISO 9001:2015 accreditation.
Is this the same as ISO 27001? A principal difference is who conducts the audit. A recognized ISO 27001-accredited certification body must complete ISO 27001 certification. In contrast, a SOC 2 attestation report can only be issued by a licensed CPA (Certified Public Accountant). ISO 27001 is a standard for the design and implementation of an information security management system (ISMS). SOC 2 places more focus on how security principles are operationalized to address the relevant risks. SOC 2 is closely aligned to the 17 principles in the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework published in 2013, which developed guidelines for businesses to evaluate internal controls, risk management, and fraud deterrence.