Governance
SOC 2
Quick Definition
System and Organization Controls 2 — an auditing standard that evaluates a service organisation's controls for security, availability, processing integrity, confidentiality, and privacy.
Detailed Explanation
SOC 2 is developed by the AICPA and is the most commonly requested compliance certification for SaaS and cloud service providers. It evaluates controls across five Trust Services Criteria: Security (mandatory) and the optional Availability, Processing Integrity, Confidentiality, and Privacy.
SOC 2 Type I evaluates controls at a point in time. SOC 2 Type II evaluates controls over a period (typically 6-12 months) and is considered more rigorous.
SOC 2 compliance is increasingly required by enterprise customers before purchasing cloud services — it demonstrates that the provider takes security seriously.
Relevant Frameworks
AICPA SOC