Print ISSN  :  2708-616X     |  Online ISSN  :   2708-6178   |  DOI:

Volume 6 |  Number 2  |   July – December 2021   |  DOI:

SOC for Cybersecurity & SOC 2® for Service Organizations – An empirical study on industry’s perspective

Received : July 2021   |   Revised: November 2021   |   Accepted:  December 2021


Anil K. Makhija, B.E., PGDIM, MBA,
CamEd Business School
Email: [email protected]


Businesses across the globe have been going digital. A paradigm that has been accelerated due to pandemic. This has resulted into creation of a complex cyberspace. Further, organizations have become linked and dependent on each other, due to increased outsourcing as well as shift towards cloud computing. This has also led to creation of various industry standards and frameworks that help organizations evaluate their own and their provider’s practices related to system reliability, information security and cybersecurity. Amongst these, SOC2 for service organizations and SOC for Cybersecurity are two leading reports that help organizations assess system reliability and cybersecurity. AICPA recognizes it has that there is confusion amongst the applicability of these reports, and therefore it has created some guidance on how these two reports are different and how they can be leveraged by organizations. This guidance provides an inside-out perspective driven by purpose of these reports and the methodology used to create these reports. The industry (practitioners, implementors and vendor managers, CXOs) perspective on the applicability and distinction of these reports was not yet available. This research brings out industry (practitioners, implementors and vendor managers, CXOs) perspective on the applicability and distinction of these reports. Findings indicate that SOC2 demand and usefulness is perceived high whereas SOC for Cybersecurity demand and usefulness is perceived low by the industry. Findings of this research also indicate that industry excepts AICPA to simplify SOC2 reports and make them easier to understand.

Keywords: SOC2, SOC for Cybersecurity, systems reliability, AICPA, trust services criteria


Read full text

Cite this article in APA 7

Makhija, A., K. (2021). SOC for cybersecurity & SOC 2® for service organizations – An empirical study on industry’s perspective. JAFESS, 6(2), 19 – 29.

Online citation generator by    Scribbr    QuillBot

Except where otherwise noted, content in JAFESS and CamEd OAR © 2016 by CamEd Business School is licensed under CC BY 4.0