SOC 2 is a compliance and privacy standard that specifies how organizations should manage customer data and related systems in order to ensure confidentiality, integrity, and availability. The standard is designed for service organizations – cloud providers, software as a service (SaaS) vendors, and other organizations that provide web-based services. 

The SOC 2 standard is based on the Trust Services Criteria, a set of principles and controls developed by the American Institute of Certified Public Accountants (AICPA). To achieve SOC 2 compliance, an organization must undergo an independent audit and demonstrate that it has implemented appropriate processes to protect its systems and data.