SOC 2 and SOC 3 Reports

We Keep Your Data Safe

AICPA SOC

Clean Power Research Complies with SOC 2 Security Standards

Clean Power Research cloud software services comply with Service Organization Controls standards for operational security, availability and confidentiality.

The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Controls (SOC) framework to serve as a standard for controls that maintain the confidentiality and privacy of information stored and processed in the cloud. This aligns with the International Standard on Assurance Engagements (ISAE), the reporting standard for international service organizations.

Audits utilizing the SOC framework can be “SOC 1” or “SOC 2”. A SOC 2 audit examines a cloud service provider’s system based on the AICPA Trust Service Principles and Criteria. SOC 2 applies to Clean Power Research’s services.

At the conclusion of a SOC 2 audit, the service auditor delivers an opinion in a SOC 2 Type 2 report, which describes the service provider’s system and assesses the fairness of the service provider’s description of its controls. It also evaluates whether the service provider’s controls are designed appropriately, were in operation on a specified date, and were operating effectively over a specified time period.

A SOC 3 report is a shortened summary of the SOC 2 Type 2 audit report. It is made available for users who want assurance about the service provider’s controls but don’t need a full SOC 2 report. A SOC 3 report can be conferred by the service auditor only in cases where the service provider receives an unqualified audit opinion for SOC 2.

Frequently Asked Questions

What is documented in the Clean Power Research SOC Reports?
Clean Power Research’s SOC 2 and SOC 3 Reports document Security, Availability and Confidentiality controls in place to support Clean Power Research cloud service operations and compliance.
What Clean Power Research software services are covered by the SOC Reports?
The SOC reports cover the products and services in the PowerClerk, SolarAnywhere and WattPlan families with the exception of PowerClerk v1. PowerClerk v1 is the legacy version of PowerClerk; customers are no longer onboarded to this platform.
Who performs the independent third-party audit of Clean Power Research’s software services for the SOC reports?

The external service auditor—the entity performing the audit and preparing the SOC reports—for Clean Power Research’s services is Moss Adams LLP.

How often are the Clean Power Research SOC Reports issued and when will an update be released?
Clean Power Research issues SOC 2 and SOC 3 Reports annually. For 2018, the reports cover the period from April 1, 2018 to June 30, 2018. For 2019 and beyond, the reports will cover annual periods. New reports are released in mid-September.
Is a non-disclosure agreement (NDA) required to receive the Clean Power Research SOC Reports?
SOC 2 Reports are provided based on legitimate business need. However, before we are able to provide your organization with a SOC 2 report, you will need to enter into a specific, one-way non-disclosure agreement (NDA) with Clean Power Research. The SOC 3 report is a summary of the SOC 2 report and does not require an NDA.
How is the SOC 3 Report different from the SOC 2 report?
The SOC 3 report is a shorter form summary that outlines how the audited Clean Power Research services meet the AICPA’s Trust Security Principles in SOC 2 and includes the external auditor’s opinion of the operation of controls.

Request an SOC Report