An SOC report is an independent audit issued by a third-party audit institution based on relevant guidelines developed by the American Institute of Certified Public Accountants (AICPA) for the systems and internal controls of outsourced service providers.
SOC reports are classified as SOC 1 (including Type I and Type II), SOC 2 (including Type I and Type II), or SOC 3.
• An SOC 1 report is intended to examine the controls related to financial reporting processes and is usually used by cloud customers and their independent auditors. SOC Type II reports provide more opinions on operational effectiveness than Type I reports to achieve related control objectives.
• An SOC 2 report focuses on the internal operations and compliance of an organization, including controls related to security, availability, process integrity, confidentiality, and privacy. An SOC Type I report demonstrates the design rationality of internal controls within the organization, and SOC Type II reports reflects the effectiveness of the implementation of the measures during the reporting period.
• An SOC 3 report is a summary version based on the SOC 2 Type II report and is available to the public.
Huawei Cloud has earned SOC 1 Type II, SOC 2 Type II, and SOC 3 certification. Huawei Cloud is the first cloud service provider in the world to meet the SOC 2 requirements for controls related to security, availability, process integrity, confidentiality, and privacy. This certifies that information security controls adopted by Huawei Cloud meet strictest requirements of the internationally recognized standards and also certifies our abilities to provide you with world-class security and privacy protection.
Huawei Cloud periodically invites third-party organizations to review its information security management systems to ensure that the ever-evolving Huawei Cloud environment and services are always protected by industry-leading information security management capabilities.
