# Data security (SOC 2)

## Introduction

*SOC 2 (Service Organisation Control Type 2)* is a cybersecurity framework that assesses how well a service organisation protects client data.

{% embed url="<https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2>" %}

## Purpose

Developed by the *American Institute of Certified Public Accountants (AICPA)*, the purpose of SOC 2 is to:

* Ensure that client data is handled securely by third-party service providers
* Build trust between a company and its customers
* Demonstrate a company's maturity in handling customer data

## The SOC 2 report

The SOC 2 report evaluates controls against the *Trust Services Criteria*, focusing on controls in five categories:

* [Security](#security)
* [Availability](#availability)
* [Confidentiality](#confidentiality)
* [Processing integrity](#processing-integrity)
* [Privacy](#privacy)

The Patchworks SOC 2 report is available upon request.

### Security

Information and systems are protected against unauthorised access/disclosure, and damage to the system that could compromise availability, confidentiality, integrity and privacy. Protections include:

* Firewalls
* Intrusion detection
* Multi-factor authentication

### Availability

Systems, tools, and processes are in place to ensure systems are available for operational use. These include:

* Performance monitoring
* Disaster recovery
* Incident handling

### Confidentiality

Systems, tools, and processes are in place to ensure information is protected and available on a legitimate, need-to-know basis (applies to various types of sensitive information). These include:

* Encryption
* Access controls
* Firewalls

### Processing integrity

Resources, tools and processes are in place to ensure system processing is complete, valid, accurate, timely and authorised. These include:

* Quality assurance
* Process monitoring
* Adherence to principle

### Privacy

Systems, tools, and processes are in place to ensure personal information is collected, used, retained, disclosed and disposed of according to policy (privacy applies only to personal information). These include:

* Access control
* Multi-factor authentication
* Encryption
