Skillcast recently announced the completion of our latest SOC 2 examination. We will unpack what a SOC 2 report is, what it covers and how exactly this impacts data security.
Key takeaways
- Skillcast has successfully completed our latest independent SOC 2 examination.
- A SOC 2 report verifies that data security and privacy controls are properly designed and maintained.
- The audit assesses controls against key Trust Services Criteria, including Security, Availability, Confidentiality, Processing Integrity, and Privacy.
- Undergoing the SOC 2 exam demonstrates the company’s commitment to safeguarding customer data and building trust.
- Customers can request a copy of the SOC 2 report or learn more through the company’s auditing partner, BARR Advisory.
At Skillcast, keeping customer and stakeholder data secure is our top priority. To ensure that our systems and controls have been designed appropriately to achieve that goal, we sought out third-party attestation from a qualified auditing firm. Our SOC 2 report is the result of their examination.
Understanding SOC2 compliance
- What is a SOC 2 report?
- What does a SOC 2 report cover?
- Why did we undergo a SOC 2 exam?
- What does SOC 2 mean for data security?
What is a SOC 2 report?
Obtaining a System and Organisation Controls (SOC) 2 report is one way for a service organisation to attest to the security of its digital environment.
Completing a SOC 2 examination through an accredited third-party auditor does not result in any certification. Instead, the resulting Certified Public Account (CPA)'s report functions as a tool to help an organisation communicate whether the internal controls they've put in place governing the security of customers', partners', and stakeholders' data are properly designed, implemented, and maintained.
In simpler terms, a SOC 2 report provides an avenue for current and potential stakeholders to assess risk by giving them a closer look at the policies and procedures put in place to ensure the organisation's services are provided safely and reliably.
What does a SOC2 report cover?
All SOC 2 examinations are performed by accredited CPA firms in accordance with the standards defined by SSAE 18. An auditor tests the effectiveness of the internal controls, outlined by the organisation, then maps those controls to one or a combination of Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
In our case, those criteria include:
- Security: The system is protected against unauthorised access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, valid, accurate, timely, and authorised
to meet the entity’s objectives. - Confidentiality: Information designated as confidential is protected as committed or
agreed. - Privacy: Personal information is collected, used, retained, disclosed, and disposed of to
meet the entity’s objectives.
Time period of SOC 2 reporting
The scope of a SOC 2 report can also vary depending on the time period covered.
- SOC 2 Type I reports examine an organisation’s controls at a single point in time and include a list of the controls tested.
- SOC 2 Type II reports examine controls over a period of time, usually between three and 12 months, and include both a list of the controls tested as well as the auditor’s test results.
The reporting period for Skillcast’s latest SOC 2 report spanned from 2 September 2024 to 1 September 2025.
Why did we undergo a SOC 2 exam?
Completing a SOC 2 examination marks a huge step forward in Skillcast’s efforts to demonstrate our commitment to data security and ensure that we’re prepared to face the challenges of the ever-changing cybersecurity landscape.
"We are pleased that our SOC 2 report has shown we have the appropriate controls in place to mitigate risks related to security, confidentiality and availability.”
What does SOC 2 mean for data security?
1. Independent validation of security controls
SOC 2 provides third-party assurance that an organisation’s data protection measures are properly designed and functioning as intended.
2. Strengthens security posture
The process requires companies to document, test, and continually improve controls related to access management, encryption, monitoring, and more.
3. Promotes operational consistency
By aligning with SOC 2 standards, organisations establish repeatable processes for safeguarding data and responding to incidents.
4. Improves risk visibility
The SOC 2 framework helps identify gaps or weaknesses in security controls, allowing proactive remediation before issues arise.
5. Builds trust with customers and partners
A SOC 2 report signals to stakeholders that the organisation takes data security seriously and meets recognised industry benchmarks.
To summarise, SOC 2 doesn’t just prove compliance, it drives continuous improvement in how an organisation protects and manages sensitive data. This is imperative in today's digital landscape where cyber threats are constantly evolving and data protection is put to the test.
Would you like to find out more about our SOC 2 report?
Our auditor, BARR Advisory, has provided a detailed breakdown on how to read a SOC 2 report, including where to find the most important and relevant information for your situation. For our current and prospective customers who are interested in obtaining a copy of Skillcast's latest SOC 2 report, you may find this in our Trust Centre.
Written by: Dhruva Pudel
Dhruva is the Head of Cyber Security at Skillcast. He has over 16 years of experience in the IT domain focused on security. Strong technical experience allows him to zoom in on detail, and business dynamics knowledge allows a wider organizational view ensuring value add and alignment.
.png?width=472&name=MicrosoftTeams-image%20(58).png)
