{"id":11967,"date":"2026-05-15T04:55:39","date_gmt":"2026-05-15T04:55:39","guid":{"rendered":"https:\/\/virconlegal.com\/term\/soc-2-2\/"},"modified":"2026-05-15T05:10:18","modified_gmt":"2026-05-15T05:10:18","slug":"soc-2-2","status":"publish","type":"term","link":"https:\/\/virconlegal.com\/tr\/term\/soc-2-2\/","title":{"rendered":"SOC 2"},"content":{"rendered":"<h3>TLDR:<\/h3>\n<p>SOC 2 (Service Organization Control 2), Amerikan Sertifikal\u0131 Kamu Muhasebecileri Enstit\u00fcs\u00fc (AICPA) taraf\u0131ndan hizmet kurulu\u015flar\u0131n\u0131n g\u00fcvenlik, kullan\u0131labilirlik, i\u015fleme b\u00fct\u00fcnl\u00fc\u011f\u00fc, gizlilik ve mahremiyetle ilgili kontrollerini de\u011ferlendirmek i\u00e7in geli\u015ftirilen bir onay \u00e7er\u00e7evesidir. SOC 2 raporlar\u0131 ba\u011f\u0131ms\u0131z denet\u00e7iler taraf\u0131ndan \u00fcretilir ve ABD kurumsal m\u00fc\u015fterilerine hizmet veren <a href=\"https:\/\/virconlegal.com\/tr\/term\/isletmeden-isletmeye-b2b\/\">B2B<\/a> SaaS \u015firketleri i\u00e7in fiili bir gereksinim haline gelmi\u015ftir.<\/p>\n<h3>G\u00fcven Hizmetleri Kriterleri<\/h3>\n<p>SOC 2 be\u015f &#8220;G\u00fcven Hizmetleri Kriteri&#8221; (TSC) kar\u015f\u0131 kontrolleri de\u011ferlendirir: G\u00fcvenlik (temel, her zaman dahil\u2014yetkisiz eri\u015fime kar\u015f\u0131 korumay\u0131 kapsar), Kullan\u0131labilirlik (sistem \u00e7al\u0131\u015fma s\u00fcresi ve performans), \u0130\u015fleme B\u00fct\u00fcnl\u00fc\u011f\u00fc (sistem i\u015flemesi tam, ge\u00e7erli, do\u011fru, zaman\u0131nda ve yetkilidir), Gizlilik (gizli olarak belirlenen bilgiler korunur) ve Mahremiyet (ki\u015fisel bilgiler uygun \u015fekilde toplan\u0131r, kullan\u0131l\u0131r, saklan\u0131r, a\u00e7\u0131klan\u0131r ve elden \u00e7\u0131kar\u0131l\u0131r). \u015eirketler, m\u00fc\u015fteri gereksinimlerine ve hizmet teklifine g\u00f6re hangi TSC&#8217;leri dahil edeceklerini se\u00e7er.<\/p>\n<h3>Type I vs. Type II<\/h3>\n<p>\u0130ki rapor t\u00fcr\u00fc: SOC 2 Type I, tek bir zamandaki kontrollerin tasar\u0131m\u0131n\u0131 de\u011ferlendirir (haftalar i\u00e7inde elde edilebilir); SOC 2 Type II bir d\u00f6nem boyunca operasyonel etkinli\u011fi de\u011ferlendirir (tipik olarak 6-12 ay, kontrol \u00e7al\u0131\u015fmas\u0131n\u0131n kan\u0131t\u0131n\u0131 gerektirir). Type II \u00f6nemli \u00f6l\u00e7\u00fcde daha titizdir ve \u00e7o\u011fu kurumsal m\u00fc\u015fterinin ger\u00e7ekten istedi\u011fi \u015feydir. Yeni \u015firketler tipik olarak \u00f6nce Type I&#8217;i, ard\u0131ndan ikinci y\u0131ll\u0131k denetim d\u00f6ng\u00fcs\u00fcnde Type II&#8217;yi elde eder.<\/p>\n<h3>SOC 2 Prati\u011fi<\/h3>\n<p>Bir SOC 2 program\u0131 in\u015fa etmek \u015funlar\u0131 i\u00e7erir: denetim kapsam\u0131n\u0131 tan\u0131mlama (hangi hizmetler, hangi TSC&#8217;ler, hangi alt hizmet kurulu\u015flar\u0131), gerekli kontrolleri uygulama (eri\u015fim y\u00f6netimi, de\u011fi\u015fiklik y\u00f6netimi, olay m\u00fcdahale, tedarik\u00e7i y\u00f6netimi, \u015fifreleme, i\u015f s\u00fcreklili\u011fi, vb.), kontrol i\u015fletim kan\u0131t\u0131 toplama, denetim i\u00e7in AICPA lisansl\u0131 CPA firmas\u0131 g\u00f6revlendirme ve tan\u0131mlanan eksiklikleri d\u00fczeltme. \u00d6zelle\u015fmi\u015f &#8220;SOC 2 kutusu&#8221; sat\u0131c\u0131lar\u0131 (Vanta, Drata, Secureframe) uygulamay\u0131 kolayla\u015ft\u0131rmak i\u00e7in ortaya \u00e7\u0131km\u0131\u015ft\u0131r. ABD kurumsal m\u00fc\u015fterileri pe\u015finde ko\u015fan SaaS startup&#8217;lar\u0131 i\u00e7in SOC 2 esasen zorunlu hale gelmi\u015ftir.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TLDR: SOC 2 (Service Organization Control 2), Amerikan Sertifikal\u0131 Kamu Muhasebecileri Enstit\u00fcs\u00fc (AICPA) taraf\u0131ndan hizmet kurulu\u015flar\u0131n\u0131n g\u00fcvenlik, kullan\u0131labilirlik, i\u015fleme b\u00fct\u00fcnl\u00fc\u011f\u00fc, gizlilik ve mahremiyetle ilgili kontrollerini de\u011ferlendirmek i\u00e7in geli\u015ftirilen bir onay \u00e7er\u00e7evesidir. SOC 2 raporlar\u0131 ba\u011f\u0131ms\u0131z denet\u00e7iler taraf\u0131ndan \u00fcretilir ve ABD kurumsal m\u00fc\u015fterilerine hizmet veren B2B SaaS \u015firketleri i\u00e7in fiili bir gereksinim haline gelmi\u015ftir. G\u00fcven Hizmetleri [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"categories":[],"class_list":["post-11967","term","type-term","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/term\/11967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/term"}],"about":[{"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/types\/term"}],"author":[{"embeddable":true,"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/comments?post=11967"}],"version-history":[{"count":1,"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/term\/11967\/revisions"}],"predecessor-version":[{"id":12301,"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/term\/11967\/revisions\/12301"}],"wp:attachment":[{"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/media?parent=11967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/virconlegal.com\/tr\/wp-json\/wp\/v2\/categories?post=11967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}