tencent cloud

SOC Audit

The System and Organization Controls (SOC) report is an independent audit report for security, availability, and confidentiality control checkpoints of the Tencent Cloud platform. The report provided to you and your auditors will be adjusted according to the types of attestation services in order to meet specific needs.
SOC reports are a series of reports related to internal controls of a service organization issued by professional third-party accounting firms in compliance with the applicable guidelines of the American Institute of Certified Public Accountants (AICPA).

• Based on AT-C Section 320 in AICPA Statement on Standards for Attestation Engagements No. 18 (SSAE No. 18), Tencent Cloud SOC 1 report is issued for the control environment of the Tencent Cloud service system, which is related to the internal controls over your financial statements.

• Based on AT-C Section 205 and TSP Section 100 (2017 version) in AICPA SSAE No. 18, Tencent Cloud SOC 2 and 3 reports are independent reports assessing the adequacy of the controls and design related to the security, availability, and confidentiality of the Tencent Cloud service system.
  AICPA released the latest 2017 version of the trust services criteria in April 2017 and specified that during the transition period of the new criteria (from April 15, 2017 to December 15, 2018), service providers could choose whether to follow the latest 2017 version or the legacy 2016 version of the criteria. As a leading cloud service provider, Tencent Cloud adopted the 2017 version of the trust services criteria during the SOC audit in 2017, becoming the first provider in China to follow the 2017 version.

The SOC reports can provide Tencent Cloud users with valuable information to evaluate and resolve risks related to the service organization:

• SOC 1 report: Tencent Cloud user organizations and their independent auditors can evaluate major misstatement risks of their financial statements based on the SOC 1 report and their internal controls.
• SOC 2 report: Tencent Cloud user organizations, independent auditors, regulators, shareholders, and other stakeholders can evaluate the design adequacy and operational effectiveness of Tencent Cloud's internal controls (covering security, availability, process integrity, confidentiality, and privacy) based on the SOC 2 report.
• SOC 3 report: it is a part of the SOC 2 report. The SOC 3 report offers a brief introduction to Tencent Cloud’s products and service system and allows corporate clients to learn about Tencent Cloud’s internal controls.