A US attestation report on a service organization's controls relevant to security, availability, processing integrity, confidentiality, and privacy.
SOC 2 is an attestation framework from the AICPA based on the Trust Services Criteria. An independent auditor reports on whether a service provider's controls are suitably designed and, in a Type II report, operating effectively over a period.
It is widely requested by customers in North America as evidence that a SaaS or service provider manages security responsibly. Unlike ISO/IEC 27001, it results in an audit report rather than a certificate.