What is SOC 2?

Service Organization Control 2 (SOC 2) is an audit requirement of the American Institute of CPAs (AICPA) relating to data security, availability, and privacy. The purpose of SOC 2 is to ensure that best practices and security policies are being followed to protect consumers' personal information and privacy.

SOC 2 helps build trust between service providers (like cloud storage companies) and their customers (businesses that use those services).

SOC 2 focuses on five key trust service principles:

• Security: Safeguarding customer data from unauthorized access, breaches, and other threats.
• Availability: Ensuring customer data and systems are accessible when needed.
• Processing Integrity: Guaranteeing the accuracy and completeness of data during processing.
• Confidentiality: Keeping customer data confidential and only accessible to authorized individuals.
• Privacy: Respecting customer privacy by following data protection regulations.

See Also:

• What is a SOC?
• ROC-n-SOC: Creating Risk Operations Centers to Support SOCs
  
  

Return to Cybersecurity Framework and Standards Glossary