Specifies requirements for a quality management system where an organization must demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements. Such organizations can be involved in one or more life-cycle stages, including design and development, production, storage and distribution, installation or servicing of a medical device, and design and development or provision of associated activities (e.g., technical support).
Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for assessing and treating information security risks tailored to the organization's needs.
An internal controls report that captures how a company safeguards customer data and how well those controls operate. SOC 2 is an auditing measure developed by the American Institute of CPAs (AICPA) that ensures service providers securely manage user data.
A SOC 2 Type 2 report ensures that a company considers all aspects of the business when evaluating information security, including but not limited to: data processing, development processes, hiring practices, personnel training, new hardening, detection, and prevention methods.