SOC

Unified Talk System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how Unified Talk achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Unified Talk controls established to support operations and compliance. There are three Unified Talk SOC Reports:

Unified Talk SOC 1 Report, available to Unified Talk customers from Unified Talk Artifact.
Unified Talk SOC 2 Security, Availability, Confidentiality & Privacy Report available to Unified Talk customers from Unified Talk Artifact.
Unified Talk SOC 3 Security, Availability, Confidentiality & Privacy Report, publicly available as a whitepaper.

What information do the Unified Talk SOC Reports provide?

	SOC 1	SOC 2: Security, Availability, Confidentiality & Privacy	SOC 3: Security, Availability, Confidentiality & Privacy
What is the report?	A description of the Unified Talk control environment and external audit of Unified Talk defined controls and objectives	A description of the Unified Talk controls environment and external audit of Unified Talk controls that meet the AICPA Trust Services Security, Availability, Confidentiality, and Privacy Criteria	A public facing report demonstrating Unified Talk has met the AICPA Trust Services Security, Availability, Confidentiality, and Privacy Criteria
Under what Standard is the Audit Report Performed?	SSAE No. 18, Attestation Standards: Clarification and Recodification (AICPA, Professional Standards), which includes AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. AICPA Guide, Service Organizations: Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting (SOC 1®)	SSAE No. 18, Attestation Standards: Clarification and Recodification, which includes AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy(SOC 2®) TSP section 100A, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, 2017 Trust Services Criteria)	SSAE No. 18, Attestation Standards: Clarification and Recodification, which includes AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements TSP section 100A, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, 2017 Trust Services Criteria)
What's the Primary Report Purpose?	To provide information to customers about Unified Talk' control environment that may be relevant to their internal controls over financial reporting To provide information to customers and their auditors for their assessment and opinion of the effectiveness of internal controls over financial reporting (ICOFR)	To provide customers and users with a business need with an independent assessment of Unified Talk' control environment relevant to system security, availability, confidentiality, and privacy	To provide customers and users with a business need with an independent assessment of Unified Talk' control environment relevant to system security, availability, confidentiality, and Privacy without disclosing Unified Talk internal information
Who is the Primary Report Audience?	Customer management and their auditors	Users with business need	Publicly available here
What Period does the Unified Talk Report Cover?	12 months: ending 3/31, 6/30, 9/30, 12/31	12 months: ending 3/31, 9/30	12 months: ending 3/31, 9/30

Which Unified Talk services are in scope for the SOC Reports?

The covered Unified Talk services that are already in scope for the SOC reports can be found within Unified Talk Services in Scope by Compliance Program. If you would like to learn more about using these services and/or have interest in other services please contact us.

Which regions are covered by the Unified Talk SOC Reports?

For a complete list of all in scope regions please refer to the Unified Talk SOC 3 Report.

Who performs the independent third-party audit of Unified Talk for the SOC Reports?

Ernst & Young LLP performs the Unified Talk SOC 1, SOC 2 and SOC 3 audits.

How often are the Unified Talk SOC Reports issued and when can I expect a new report to be released?

Unified Talk issues SOC 1 reports quarterly and SOC 2 / 3 reports twice per year. Each report covers a 12 month period. New SOC reports are released approximately 6-7 weeks after the end of the audit period (mid-February and mid-August for SOC 1 only and mid-May and mid-November for SOC 1/2/3).

Is there an ISAE 3402 Report?

The Unified Talk SOC 1 Audit is conducted in accordance with International Standards for Assurance Engagements No. 3402 (ISAE 3402). Customers needing an ISAE 3402 Report should request the Unified Talk SOC 1 Type II Report by using Unified Talk Artifact, a self-service portal for on-demand access to Unified Talk compliance reports. Sign in to Unified Talk Artifact in the Unified Talk Management Console, or learn more at Getting Started with Unified Talk Artifact.

Is a non-disclosure agreement (NDA) required to receive the Unified Talk SOC Reports?

An NDA is required to review the Unified Talk SOC 1 and SOC 2 reports. The Unified Talk SOC 3 report is a publicly available summary of the Unified Talk SOC 2 report. The Unified Talk SOC 3 report outlines how Unified Talk meets the AICPA’s Trust Security Principles in SOC 2 and includes the external auditor’s opinion of the operation of controls. You can read the latest Unified Talk SOC 3 Report on the Unified Talk website.

How do I request an Unified Talk SOC 1 or SOC 2 Report?

The Unified Talk SOC 1 and SOC 2 are available to customers by using Unified Talk Artifact, a self-service portal for on-demand access to Unified Talk compliance reports. Sign in to Unified Talk Artifact in the Unified Talk Management Console, or learn more at Getting Started with Unified Talk Artifact.

Where can I find the Unified Talk SOC 3 Report?

The latest Unified Talk SOC 3 Report is publicly available on the Unified Talk website.

When will new regions be covered by the SOC Reports?

Unified Talk issues SOC 1, SOC 2, and SOC 3 Reports twice per year, covering 6-month periods (October 1 – March 31 and April 1 – September 30). As appropriate, we will scope-in new regions to our SOC reports at the next available review cycle.