What is SOC 2

SOC 2—System and Organization Controls 2—establishes criteria to help your organization manage and protect sensitive customer data. The American Institute of CPAs (AICPA) developed SOC 2 criteria for reporting and auditing processes, which are based on five trust service criteria (TSC):

• Security
• Availability
• Processing integrity
• Confidentiality
• Privacy

Unlike more stringent frameworks such as the Cybersecurity Maturity Model Certification (CMMC) or PCI DSS, SOC 2 is not a regulatory requirement. However, demonstrating your organization meets SOC 2 criteria is a great way to show your customers, partners, and key stakeholders that your company values and applies SOC 2 standards for product or service delivery. And many organizations submit themselves to SOC 2 audits to provide attestations of compliance to their customers.