Skillcast recently announced the completion of our latest SOC 2 examination. We will unpack what a SOC 2 report is, what it covers and how exactly this impacts data security.
At Skillcast, keeping customer and stakeholder data secure is our top priority. To ensure that our systems and controls have been designed appropriately to achieve that goal, we sought out third-party attestation from a qualified auditing firm. Our SOC 2 report is the result of their examination.
Obtaining a System and Organisation Controls (SOC) 2 report is one way for a service organisation to attest to the security of its digital environment.
Completing a SOC 2 examination through an accredited third-party auditor does not result in any certification. Instead, the resulting Certified Public Account (CPA)'s report functions as a tool to help an organisation communicate whether the internal controls they've put in place governing the security of customers', partners', and stakeholders' data are properly designed, implemented, and maintained.
In simpler terms, a SOC 2 report provides an avenue for current and potential stakeholders to assess risk by giving them a closer look at the policies and procedures put in place to ensure the organisation's services are provided safely and reliably.
All SOC 2 examinations are performed by accredited CPA firms in accordance with the standards defined by SSAE 18. An auditor tests the effectiveness of the internal controls, outlined by the organisation, then maps those controls to one or a combination of Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).
In our case, those criteria include:
The scope of a SOC 2 report can also vary depending on the time period covered.
The reporting period for Skillcast’s latest SOC 2 report spanned from 2 September 2024 to 1 September 2025.
Completing a SOC 2 examination marks a huge step forward in Skillcast’s efforts to demonstrate our commitment to data security and ensure that we’re prepared to face the challenges of the ever-changing cybersecurity landscape.
"We are pleased that our SOC 2 report has shown we have the appropriate controls in place to mitigate risks related to security, confidentiality and availability.”
- Dhruva Pudel, Head of Cybersecurity
SOC 2 provides third-party assurance that an organisation’s data protection measures are properly designed and functioning as intended.
The process requires companies to document, test, and continually improve controls related to access management, encryption, monitoring, and more.
By aligning with SOC 2 standards, organisations establish repeatable processes for safeguarding data and responding to incidents.
The SOC 2 framework helps identify gaps or weaknesses in security controls, allowing proactive remediation before issues arise.
A SOC 2 report signals to stakeholders that the organisation takes data security seriously and meets recognised industry benchmarks.
To summarise, SOC 2 doesn’t just prove compliance, it drives continuous improvement in how an organisation protects and manages sensitive data. This is imperative in today's digital landscape where cyber threats are constantly evolving and data protection is put to the test.
Our auditor, BARR Advisory, has provided a detailed breakdown on how to read a SOC 2 report, including where to find the most important and relevant information for your situation. For our current and prospective customers who are interested in obtaining a copy of Skillcast's latest SOC 2 report, you may find this in our Trust Centre.