CenturyLink SOC 2 Reports are examination engagements performed by a third-party auditor in accordance with AT Section 101, Attest Engagements, of SSAEs (Statements on Standards for Attestation Engagements) using the predefined criteria as outlined in TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy. A system is designed, implemented, and operated to achieve specific business objectives in accordance with management-specified requirements.
The SOC 2 Report specifically addresses one or more of the following five key system attributes:
- Security — The system is protected against unauthorized access (both physical and logical).
- Availability — The system is available for operation and use as committed or agreed.
- Processing Integrity — System processing is complete, accurate, timely and authorized.
- Confidentiality — Information designated as confidential is protected as committed or agreed.
- Privacy — Personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in the entity’s privacy notice, and with criteria set forth in Generally Accepted Privacy Principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants.
Types of SOC 2 Reports
SOC 2 Reports are intended to meet our customers' need for information and assurance about CenturyLink controls. There are two types of SOC 2 reports:
- Type 1: Report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports is generally restricted.
- Type 2: Report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.
The 2015 SOC 2 report was compiled by the accounting firm Moss Adams LLP. The certification validates CenturyLink’s commitment to operational excellence and client satisfaction. The SOC 2 Type 2 report covers the period from July 1, 2014 through July 1, 2015. A Type 2 examination means that an independent service auditor has formally evaluated and issued an opinion on the description of selected CenturyLink systems and the suitability of the design and operating effectiveness of applicable controls.
Working with a global enterprise IT service provider like CenturyLink, customers can rest assured we have experience with a wide range of security controls, regulatory requirements and industry-standard compliance models. CenturyLink customers benefit from our investment in these IT security frameworks, enabling them to assess their internal readiness and accelerate compliance obligations. Information provided by CenturyLink around these compliance programs demonstrates how our secure cloud platform provides a solid foundation for any risk mitigation strategy.