DIY SOC2 compliance for custom containers and Kubernetes running on Oracle Cloud Infrastructure
Sanjay Basu Note : My original blog series was published in ORACLE CLOUD INFRASTRUCTURE blog site. I have republished it here with permission. Official Disclaimer : The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of Oracle Corporation. This blog post provides a guide for any managed service provider (MSP) or independent software vendor (ISV) software-as-a-service (SaaS) provider using Oracle Cloud Infrastructure Services (OCI), looking to make their microservices-based containers and custom Kubernetes infrastructure SOC2 compliant. As a service organization, customers might require these MSP or ISV providers to be Service Organization Controls (SOC) compliant according to the end-companies’ industry regulations. Understanding Service Organization Controls compliance SOC reports have the following levels: SOC1, covering internal control over financial reporting (CIFR) SOC2