The ITS Colocation Data Center team at USC has officially achieved SOC 2 certification, marking a major milestone in the university’s commitment to data security, operational excellence, and industry best practices. SOC, which stands for System and Organization Controls, is a framework developed by the American Institute of Certified Public Accountants (AICPA) to evaluate an organization’s internal controls related to security, availability, confidentiality, and more.
This certification, based on a rigorous Type 1 audit, affirms that the Colocation Data Center has established robust security practices and implemented those controls effectively at a specific time. It offers formal, third-party validation of the team’s ability to safeguard sensitive systems and data—an increasingly vital concern in today’s digital landscape.
“Pursuing SOC 2 certification was important for ITS to demonstrate our commitment to security and data protection,” said Lou Ramirez, who supported the certification effort. “It ensures we meet industry standards and build trust with our customers and partners.”
The audit process began in January 2024, when ITS engaged a third-party firm to conduct a readiness assessment and provide recommendations. From there, the team worked diligently to identify gaps, implement new security measures, and coordinate across ITS and other USC entities to prepare for the formal audit on December 2–5, 2024. The final report—USC’s SOC 2 Type 1 certification for its unmanaged colocation data center services—was issued in March 2025.
“The SOC 2 process required dedicated effort over an extended period,” said Ramirez. “We conducted internal reviews, updated documentation, enhanced protocols, and worked collaboratively to ensure we met all compliance standards.”
The audit evaluated several Trust Services Criteria and related control areas, including Logical Security, Monitoring and Alerting, Incident Management, Risk and Vendor Management, Executive Management Oversight, Change Management, Communication (internal and external), and People Management. Throughout the process, the ITS team confirmed existing strengths and identified opportunities for continuous improvement, such as more frequent policy and procedure reviews.
This accomplishment aligns with broader ITS goals of operational maturity and reinforces the department’s strategic focus on security, compliance, and continuous improvement.
“SOC 2 Type 1 certification highlights ITS’s dedication to maintaining high standards of security,” Ramirez added. “It provides assurance that our data is handled securely, reduces risk, and enhances overall trust in ITS’s services.”
Looking ahead, ITS plans to pursue a SOC 2 Type 2 audit, which will further demonstrate its ability to maintain secure and reliable controls over time.
“This is a message of pride and assurance to the USC community,” said Ramirez. “It underscores our commitment to excellence and protecting the university’s digital infrastructure.”