SSAE18 Type 2 certificates: SOC 1, SOC 2 & SOC 3
Designed by the American Institute of Certified Public Accountants (AICPA), SOC reports are internal control reports on services provided by a service organisation. They provide valuable information to users to assess and manage the risks associated with an outsourced service.
The corresponding “Statement on Standards for Attestation Engagements” (SSAE No. 18) is used to regulate the way companies conduct their business — and more specifically, it defines how companies are accountable for compliance controls. These reports are called SOC 1, SOC 2 and SOC 3.
SOC 1 is a control report for service organisations, and deals with internal control of financial reports.
SOC 2 is a report that evaluates information systems in terms of security, availability, processing integrity and confidentiality.
SOC 3 is a general report, and does not provide detailed information like SOC 1 and SOC 2. The SOC 3 report is mainly used as marketing material.
Details of SOC 2 Type 2 reports
OVHcloud’s SOC 2 Type 2 report covers two aspects of IT systems.
Security: Information and systems are protected against unauthorised access, unauthorised disclosure of information, and damage to systems that could compromise the availability, integrity and confidentiality of information or systems, affecting the organisation’s ability to achieve its objectives as a result.
Availability: Availability refers to the accessibility of the system, products or services as stipulated in the Service Level Agreement (SLA). The minimum acceptable performance level for system availability is set by both parties.
Certifications and reports
Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications under certain conditions.
We only authorise audits carried out by third parties for the purpose of certifying all relevant parties. Please contact our sales department to access this type of service.