Back to glossary

SOC 2

An auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.

AbbreviationSOC 2
Categorysecurity

Overview

Service Organization Control 2 (SOC 2) is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria:

Trust Services Criteria

  1. Security: Protection against unauthorized access.
  2. Availability: The system is available for operation and use as committed or agreed.
  3. Processing Integrity: System processing is complete, valid, accurate, timely, and authorized.
  4. Confidentiality: Information designated as confidential is protected.
  5. Privacy: Personal information is collected, used, retained, disclosed, and disposed of in conformity with the commitments in the service organization’s privacy notice.

Report Types

  • Type I: Describes the organization's systems and whether their controls are suitably designed as of a specific date.
  • Type II: Tests the operational effectiveness of those controls over a period of time (usually 6-12 months).

Related Terms

ComplianceData PrivacyRisk Assessment