Our cloud provider already has a SOC 2 and other certifications. Do we still need to do it?

If your company uses an IaaS (Infrastructure as a Service) provider such as AWS (Amazon Web Services), you’re probably impressed with the number of certifications it has collected. A SOC 2 Type II from an IaaS provider will often cover most of the physical security requirements. Depending on how your system is configured, it may also cover the backup and recovery and disaster recovery portions. A SOC 2 Type II from your cloud provider will not cover your application, your internal policies, etc. Using cloud services is helpful, but it will not give you 100% coverage.

About Us

Practical Assurance helps companies prepare for compliance with SOC 1, SOC 2, HIPAA, ISO 27001, IISF, and provides ICO and smart contract audits.
