Service Organization Control Type 2 (SOC 2) is a cybersecurity compliance framework that ensures organizations protect their client data.

What is SOC 2?


Service Organization Control Type 2 (SOC 2) is the most sought-after cybersecurity compliance framework for SaaS companies. It was developed by the American Institute of Certified Public Accountants (AICPA) to ensure organizations protect client data from unauthorized use or access. The AICPA based SOC 2 on the Trust Services Principles and Criteria, which contain 5 pillars: security, availability, processing integrity, confidentiality, and privacy.


An organization can acquire a SOC 2 certification by defining the controls and security protocols it has in place for each of the 5 pillars. Certification also requires successful completion of a rigorous audit conducted by an AICPA-affiliated CPA, who reviews and tests the cybersecurity controls the organization has in place.