SOC 2
SOC 2 (Service Organisation Control 2) is a US audit standard issued by the AICPA that has become an international benchmark for proving the maturity of a SaaS provider with respect to customer data management.
It is structured around five Trust Service Criteria: security (mandatory), availability, processing integrity, confidentiality and privacy. The report is produced by an independent audit firm and exists in two flavours: Type I (controls as designed at a single point in time) and Type II (controls operating effectively over a 6–12 month period).
Many B2B companies require a SOC 2 Type II before signing a contract with a SaaS provider that hosts their data. Platforms such as Vanta, Drata or Secureframe automate much of the compliance process.
