Alibaba Cloud System and Organization’s Controls (SOC) Reports are independent third-party audit reports concerning the internal controls over the services offered by Alibaba Cloud as a service organization. The SOC Reports are valuable resources for Alibaba Cloud’s customers and their auditors to understand the organization controls and assess the risks associated with their outsourced services. Alibaba Cloud’s customers can review our system and organization controls by accessing the following SOC Report:

SOC 2 Type 2 Report: This report describes Alibaba Cloud’s internal controls based on the specific criteria outlined in DC section 200 entitled, Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report with an opinion from the independent auditor to assure that the controls have been designed and operated effectively to achieve the AICPA Trust Services Criteria relevant to security, availability, and confidentiality outlined in TSP section 100 entitled, Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Alibaba Cloud issues SOC reports twice a year with a reporting period of 12 months on a continuous rolling basis (1 April to 31 March and 1 October to 30 September). The latest SOC reports are available in May and November each year.

Alibaba Cloud SOC Reports are available to Alibaba Cloud customers in Alibaba Cloud Compliance Repository.