SOC 介绍

下载 SOC 2
下载 SOC 3



审计是根据美国注册会计师协会 (AICPA) 制定的 SOC 2 可信服务标准与安全、可用及机密性相关的原则标准的独立审计。

SOC 2 报告以独立第三方审计公司的意见作为结论,体现了盖雅内部控制描述的客观性。同时审计事务所对盖雅内部控制的合理性进行评估,包括控制是否在指定周期内执行,是否执行有效。

SOC 2和SOC 3 报告都是根据SSAE 18标准进行的认证检查,主要区别在于SOC 2包含了详细的内控信息,是受控访问的报告,而SOC 3是SOC 2报告的精简版本,是面向公众的报告。


Function : EN

我方得悉安永华明会计师事务所(特殊普通合伙)上海分所(“安永”)已获苏州盖雅信息技术有限公司(“客户”)委托,提供SOC 2 类型二报告鉴证服务(“服务”)。我方已要求客户向我方提供安永就服务编撰的服务机构鉴证报告副本(包括当中任何部分、摘要及/或概要,称为“报告”)。


本服务不构成(1)按照公认审计准则对财务报表的审计、审阅或查核;(2)按照美国注册会计师协会/香港会计师公会/中国注册会计师协会或其他相关的注册会计师协会的专业准则对预期财务报表的查核;或(3) 发现舞弊或非法行为的程序。本服务也不包括执行任何程序以测试任何司法管辖区法律或法规的遵循情况。





您需要对您通过盖雅官方渠道获取到SOC 2 Type II 报告承担相关保密责任,不得修改、散发报告或将报告传阅给第三方。如因您的违规行为造成盖雅及相关方财产或其他相关损失,您需要依照有关法律、法规、规章承担全部赔偿责任。

  • 提交信息

Non-disclosure Agreement


Ernst & Young Hua Ming LLP Shanghai Branch (“EY”) has prepared the attached report (the “Report”) for the sole benefit and use of Suzhou GaiaWorks IT Co., Ltd. (the “Company”), and, for limited purposes in accordance with the requirements of the American Institute of Certified Public Accountants (the “AICPA”), the Company’s existing user entities and their auditors. In addition, certain prospective user entities, identified by the Company (collectively, each a “Recipient”), may have access to the Report subject to the terms of this agreement.

Your access to the Report is subject to your agreement, on behalf of yourself and the Recipient, to the terms and conditions set forth below. Please read them carefully.

By clicking on the “I ACCEPT” button below, you signify that you and the Recipient agree to be bound by these terms and conditions. Such acceptance and agreement shall be deemed to be as effective as a written signature by you, on behalf of yourself and the Recipient, and this agreement shall be deemed to satisfy any writings requirement of any applicable law. Distribution or disclosure of any portion of the Report or any information or advice contained therein to persons other than the Company is prohibited, except as provided below.

1. EY was engaged by the Company to perform a Type 2 Examination of controls at the Company in accordance with the criteria for a description of a service organization’s system set forth in the Description Criteria DC section 200, 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report (the “Description Criteria”) and the suitability of the design and operating effectiveness of controls included in the Description throughout the period from December 1, 2019 to May 31, 2020 to provide reasonable assurance that the service commitments and system requirements were achieved based on the trust services criteria for Security, Availability, Confidentiality and Privacy set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (the “applicable trust services criteria”). The Recipient has requested the Company to provide it with a copy of the Report prepared by EY in connection with such engagement.

2. The Services were undertaken, and the Report was prepared, solely for the benefit and use of the Company, its existing user entities, and their auditors, and was not intended for any other purpose, including the use by prospective user entities of the Company. EY has made no representation or warranty to the Recipient as to the sufficiency of the Services or otherwise with respect to the Report. Had EY been engaged to perform additional services or procedures, other matters might have come to EY’s attention that would have been addressed in the Report.

3. The Services did not (a) constitute an audit, review or examination of financial statements in accordance with generally accepted auditing standards of the AICPA or the standards of the Public Company Accounting Oversight Board, (b) constitute an Examination of prospective financial statements in accordance with applicable professional standards or (c) include procedures to detect fraud or illegal acts to test compliance with the laws or regulations of any jurisdiction.

4. The Recipient (a) does not acquire any rights against EY, any other member firm of the global Ernst & Young network, or any of their respective affiliates, partners, agents, representatives or employees (collectively, the “EY Parties”), and EY assumes no duty or liability to the Recipient, in connection with the Services or its access to the Report; (b) may not rely on the Report; and (c) will not contend that any provisions of United States or state securities laws could invalidate or avoid any provision of this agreement.

5. Except where compelled by legal process (of which the Recipient shall promptly inform EY so that EY may seek appropriate protection), the Recipient will not disclose, orally or in writing, any Report or any portion thereof, or make any reference to EY in connection therewith, in any public document or to any third party.

6. The Recipient (for itself and its successors and assigns) hereby releases each of the EY Parties, from any and all claims or causes of action that the Recipient has, or hereafter may or shall have, against them in connection with the Report, the Recipient’s access to the Report, or EY’s performance of the Services. The Recipient shall indemnify, defend and hold harmless the EY Parties from and against all claims, liabilities, losses and expenses suffered or incurred by any of them arising out of or in connection with (a) any breach of this agreement by the Recipient or its representatives; and/or (b) any use or reliance on the Report by any party that obtains access to the Report, directly or indirectly, from or through the Recipient or at its request.

7. This agreement shall be governed by, and construed in accordance with, the laws of the People’s Republic of China applicable to agreements made and fully to be performed therein by residents thereof.

By entering your company information and your email you agree to be bound to the terms of this Agreement. If you are entering into this Agreement for an entity, such as the company you work for, you represent to us that you have legal authority to bind that entity.

  • Submit