The System and Organization Controls (SOC) report is an independent audit report for security, availability, and confidentiality control checkpoints of the Tencent Cloud platform. The report provided to you and your auditors will be adjusted according to the types of attestation services in order to meet specific needs.
SOC reports are a series of reports related to internal controls of a service organization issued by professional third-party accounting firms in compliance with the applicable guidelines of the American Institute of Certified Public Accountants (AICPA).
Based on AT-C Section 320 in AICPA Statement on Standards for Attestation Engagements No. 18 (SSAE No. 18), Tencent Cloud SOC 1 report is issued for the control environment of the Tencent Cloud service system, which is related to the internal controls over your financial statements.
Based on AT-C Section 205 and TSP Section 100 (2022 version) in AICPA SSAE No. 18, Tencent Cloud SOC 2 and 3 reports are independent reports assessing the adequacy of the controls and design related to the security, availability, and confidentiality of the Tencent Cloud service system.
AICPA released the updated Trust Services Criteria in 2022. In its 2022 SOC audit, Tencent Cloud proactively adopted this latest version in its compliance practice, in order to continuously ensure that its internal control system meets the requirements of current international standards.
The SOC reports can provide Tencent Cloud users with valuable information to evaluate and resolve risks related to the service organization:
SOC 1 report: Tencent Cloud user organizations and their independent auditors can evaluate major misstatement risks of their financial statements based on the SOC 1 report and their internal controls.
SOC 2 report: Tencent Cloud user organizations, independent auditors, regulators, shareholders, and other stakeholders can evaluate the design adequacy and operational effectiveness of Tencent Cloud's internal controls (covering security, availability, process integrity, confidentiality, and privacy) based on the SOC 2 report.
SOC 3 report: It is a part of the SOC 2 report. The SOC 3 report offers a brief introduction to Tencent Cloud’s products and service system and allows corporate clients to learn about Tencent Cloud’s internal controls.