What is SOC 2?

SOC 2 (Service Organization Control 2) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) for service providers that store customer data in the cloud. SOC 2 defines a set of criteria for evaluating a company's information systems, specifically those related to security, availability, processing integrity, confidentiality, and privacy.

Why is SOC 2 compliance important?

A SOC 2 report is an independent auditor's opinion on whether the service provider's controls are designed and operating effectively to meet the criteria specified by SOC 2. The report can provide assurance to customers and other stakeholders that the service provider has implemented adequate controls to protect their data and ensure its availability and integrity. SOC 2 reports are often requested by customers as a way of evaluating the security and compliance of potential service providers.