SOC Reports

Alibaba Cloud System and Organization’s Controls (SOC) Reports are independent third-party audit reports concerning the internal controls over the services offered by Alibaba Cloud as a service organization. The SOC Reports are valuable resources for Alibaba Cloud’s customers and their auditors to understand the organization controls and assess the risks associated with their outsourced services. Alibaba Cloud’s customers can review our system and organization controls by accessing the following SOC Reports:

SOC 1 Type 2 Report: This is an independent audit report performed according to the SSAE No. 18 Attestation Standards AT-C section in 320 entitled,Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting about the internal controls to achieve the control objectives defined by Alibaba Cloud.

SOC 2 Type 2 Report: This report describes Alibaba Cloud’s internal controls based on the specific criteria outlined in DC section 200 entitled, Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report with an opinion from the independent auditor to assure that the controls have been designed and operated effectively to achieve the AICPA Trust Services Criteria relevant to security, availability, and confidentiality outlined in TSP section 100 entitled, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

SOC 3 Report: This is an independent audit report generally describing the service commitments and system requirements of Alibaba Cloud that were designed and operated according to the trust services criteria relevant to security, availability, and confidentiality outlined in TSP section 100 entitled,Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria.) The report is a summary of the SOC 2 report and is available for downloaded here.

Alibaba Cloud issues SOC reports twice a year with a reporting period of 12 months on a continuous rolling basis (1 April to 31 March and 1 October to 30 September). The latest SOC reports are available in May and November each year.

Alibaba Cloud SOC Reports are available to Alibaba Cloud customers in Alibaba Cloud Compliance Repository.