SOC Reports

Alibaba Cloud System and Organization Controls (SOC) Reports are independent third-party audit reports concerning the internal controls over the services offered by Alibaba Cloud as a service organization. The SOC Reports are valuable resources for Alibaba Cloud’s customers and their auditors to understand the organization controls and assess the risks associated with their outsourced services. Alibaba Cloud’s customers can review our system and organization controls by accessing the following SOC Reports:

SOC 1 Type 2 Report: This is an independent audit report performed according to SSAE No. 18 Attestation Standards AT-C section 320 Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting about the internal controls to achieve the control objectives defined by Alibaba Cloud.

SOC 2 Type 2 Report: This report provides a description of Alibaba Cloud’s internal controls based on the specific criteria outlined in DC section 200 Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report with an opinion from the independent auditor to assure that the controls have been designed and operated effectively to achieve the AICPA Trust Services Criteria relevant to security, availability, and confidentiality set forth in TSP section 100 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

SOC 3 Report: This is an independent audit report generally describing the service commitments and system requirements of Alibaba Cloud which were designed and operated according to the trust services criteria relevant to security, availability, and confidentiality set forth in TSP section 100 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria). The report is publicly available to be downloaded here.

In addition, we also made our SOC Reports available in Japanese version and Chinese version for our customers’ reference.

To obtain our SOC 1 and SOC 2 Reports, please Contact Alibaba Cloud Security & Compliance Center.