The SOC 2 audit is based on a set of criteria that are used in evaluating controls relevant to the security,
availability, processing integrity, confidentiality, or privacy of a system.
What system components are evaluated during a SOC 2 audit?
• Infrastructure (physical, IT, or other hardware such as mobile devices)
• Software (application programs and IT system software that supports application
programs, such as OS and utilities)
• People (all personnel involved in the use of the system)
• Processes (all automated and manual procedures)
• Data (transmission streams, files, databases, tables, and output used or processed by a system)