Alibaba Cloud System and Organization’s Controls (SOC) Reports are independent third-party audit reports concerning the internal controls over the services offered by Alibaba Cloud as a service organization. The SOC Reports are valuable resources for Alibaba Cloud’s customers and their auditors to understand the organization controls and assess the risks associated with their outsourced services. Alibaba Cloud’s customers can review our system and organization controls by accessing the following SOC Report:

SOC 3 Report: This is an independent audit report generally describing the service commitments and system requirements of Alibaba Cloud that were designed and operated according to the trust services criteria relevant to security, availability, and confidentiality outlined in TSP section 100 entitled,Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria.) The report is a summary of the SOC 2 report and can be downloaded here.

Alibaba Cloud issues SOC reports twice a year with a reporting period of 12 months on a continuous rolling basis (1 April to 31 March and 1 October to 30 September). The latest SOC reports are available in May and November each year.

Alibaba Cloud SOC Reports are available to Alibaba Cloud customers in Alibaba Cloud Compliance Repository.