Skip to main content



An information security operations centre (ISOC) or security operations centre (SOC) is a facility where enterprise information systems or business assets are monitored, assessed and defended. Enterprise information systems can include websites, applications, databases, data centres, servers, networks, desktops, and other endpoints. A SOC is related to the people, processes and technologies that provide situational awareness through the detection, containment, and remediation of IT and/or other threats in order to manage and enhance an organisation's security posture.

A SOC will handle, on behalf of an institution or company, any threatening (IT or other) incident, and will ensure that it is properly identified, analysed, communicated, investigated and reported. The SOC also monitors applications or operational assets to identify a possible (cyber-)attack or intrusion (event) and determines if it is a genuine malicious threat (incident), and if it could affect business operations. SOCs typically have a 27/7 operation running in shifts and can include 2nd line support and field agents. Some SOCs and ISOCs are shared between several organisations to reduce costs and learn from each other’s incidents. SOCs for physical security can be on site or remote and is equipped for access monitoring, and controlling of lighting, alarms, and vehicle barriers.

Related Keywords: IT security, physical security, cyber security monitoring, situational awareness, cyber awareness, emergency response room, security defence centre (SDC), security analytics centre (SAC), network security operations centre (NSOC), security intelligence centre, cyber security centre, threat defence centre, security intelligence and operations centre (SIOC)