SOC 2 is a compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. A SOC 2 report defines criteria for managing customer data based on five aspects: security, availability, processing integrity, confidentiality and privacy. The report may differ between organizations, as each organization can follow its business practices and should meet its principles of trust. The report is audited by professional audit firms to provide assurance that the controls included are in place and operate effectively. There are two types of SOC 2 reports: Type 1 describes the organization’s frameworks and whether their design complies with the relevant trust principles. Type 2 details the operational effectiveness of these frameworks.
