The American Institute of CPA’s SOC 3 – SOC for Service Organizations: Trust Services Criteria for General Use Report is designed for users who need assurance about the controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy.

The report is a general-use report and therefore can be freely distributed.

Please contact your account rep for a copy of the following reports. If you’re looking for the Informatica’s EU-U.S. Privacy Shield certification, it can be found here.

AICPA SOC 2®  - SOC for Service Organizations: Trust Services Criteria

The American Institute for Certified Public Accountants (AICPA) provides specifications for how service organizations report on the internal controls of the services they provide.  The reports provide valuable information that users need to assess and address the risks associated with an outsourced service. 

Informatica can make available a SOC 2 Type 2 report on the Informatica Cloud Hosting Service (ICHS) environment, the suitability of the design and the operating effectiveness of controls over time. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.

AICPA SOC 1®  - SOC for Service Organizations: Internal Control Over Financial Reporting

The American Institute of CPA’s SOC 1 -– SOC for Service Organizations: User Entities’ Internal Control over Financial Reporting (ICFR) is designed for users who need assurance about the controls at a service organization to financial controls, operations and IT and business processes that are tied to their financial reporting.

SOC 1 reports can only be distributed to existing customers and their auditors, not prospects.

HIPAA / HITECH

Informatica’s information security program governing the ICHS environment has been examined by a qualified third party to determine if the system description is fairly presented and that the information security program governing the ICHS system conforms, as applicable, and is presented in accordance with the requirements of HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health).

The third party has produced a report documenting the process, along with its opinion. Use of these reports is restricted and requires an NDA to be in place with Informatica before the reports can be distributed.  

Privacy Shield 

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.