Change log: SOC 2

In this change log, you can learn about the latest changes, improvements, and updates for the Service Organization Control (SOC 2) profile. The change log lists changes that were made, ordered by the version number.

Service Organization Control (SOC) reports are independent, third-party reports issued by assessors certified by the American Institute of Certified Public Accountants (AICPA) addressing the risk associated with an outsourced service. A SOC 2 report evaluates the internal controls that an organization has put in place to protect customer-owned data and provides details about the nature of those internal controls.

Profile versioning

When specifications or controls are edited, removed from, or added to a profile in a way that is not compatible with the current version, a new version is released. To take advantage of the changes in a new version, update your attachments to use the newest profile version.

This profile is consistently updated and is not an exhaustive list of all the controls that might be required for every organization. Be sure to validate the available controls to determine where you might need to supplement your workloads with other security measures.

Version summary

The following table details the release dates and status of each profile version.

New attachments cannot be created on deprecated profile versions. Select the most recent version to use for your evaluation.

Table. Active versions of the SOC 2 profile
Version number	Release date	Status
Version 1.0.0	`2023-12-06`	Active

Version 1.0.0

Now available: Released today, 6 December 2023, the SOC 2 profile is a collection of controls designed to validate the configuration of your resources.