The System and Organization Controls (SOC) report is an independent audit report for security, availability, and confidentiality control checkpoints of the Tencent Cloud platform. The report provided to you and your auditors will be adjusted according to the types of attestation services in order to meet specific needs.
SOC reports are a series of reports related to internal controls of a service organization issued by professional third-party accounting firms in compliance with the applicable guidelines of the American Institute of Certified Public Accountants (AICPA).
Based on AT-C Section 320 in AICPA Statement on Standards for Attestation Engagements No. 18 (SSAE No. 18), Tencent Cloud SOC 1 report is issued for the control environment of the Tencent Cloud service system, which is related to the internal controls over your financial statements.
Based on AT-C Section 205 and TSP Section 100 (2017 version) in AICPA SSAE No. 18, Tencent Cloud SOC 2 and 3 reports are independent reports assessing the adequacy of the controls and design related to the security, availability, and confidentiality of the Tencent Cloud service system.
AICPA released the latest 2017 version of the trust services criteria in April 2017 and specified that during the transition period of the new criteria (from April 15, 2017 to December 15, 2018), service providers could choose whether to follow the latest 2017 version or the legacy 2016 version of the criteria. As a leading cloud service provider, Tencent Cloud adopted the 2017 version of the trust services criteria during the SOC audit in 2017, becoming the first provider in China to follow the 2017 version.
The SOC reports can provide Tencent Cloud users with valuable information to evaluate and resolve risks related to the service organization: