SOC 2 Type II Report Clause Samples
A SOC 2 Type II Report clause requires a party, typically a service provider, to furnish a report that evaluates the effectiveness of its controls related to security, availability, processing integrity, confidentiality, or privacy over a specified period. This report is usually prepared by an independent auditor and covers not just the design but also the operational effectiveness of the controls in place. By mandating the provision of a SOC 2 Type II Report, the clause assures the other party that appropriate safeguards are maintained and verified, thereby reducing risk and building trust in the service provider’s systems.
POPULAR SAMPLE Copied 9 times
SOC 2 Type II Report. The Company, at its expense, shall deliver or cause to be delivered, by no later than August 31, 2019, for a reporting date no later than July 31, 2019, a “SSAE 18 SOC 2 Type I Report” by an independent third party audit firm registered with the Public Company Accounting Oversight Board and of good repute in the financial services industry, that addresses all of the 2017 Trust Services Criteria for Security (often referred to as Common Criteria), Availability, Processing Integrity, Confidentiality and Privacy as codified in TSP section 100 (AICPA Trust Services Criteria). For the following year, the Company will deliver, or cause to be delivered, no later than August 31, 2020, a “SSAE 18 SOC 2 Type II Report” which will have a twelve-month reporting period ended twelve months after the SSAE 18 SOC 2 Type I Reporting date. (For example, if the SSAE 18 SOC 2 Type I Report is dated July 31, 2019, then the SSAE 18 SOC 2 Type II report will be for the twelve months ended July 31, 2020.) For each subsequent year thereafter, the Company will deliver a SSAE 18 SOC 2 Type 2 Report on August 31, for the reporting period defined as the twelve months ended July 31 of that same year.