SOC 1 Type 2 - An assessment addressing the design of a company's internal financial controls

SOC 1 is a framework of internal control requirements for a service organization implemented to protect Red Hat client-owned data. SOC 1 applies to businesses that directly interact with financial information for customers or partners. Type 2 reports review the security of financial controls over a specified period of time. This is typically a range of 9 to 12 months. The review includes an evaluation of the controls and related evidence. This review is conducted annually to remain compliant.

For information about Microsoft Azure Red Hat OpenShift (ARO), please see the Azure compliance documentation.