Term: SOC2
SOC 2, which stands for System and Organization Controls 2, is a security and compliance standard developed by the American Institute of CPAs (AICPA). It focuses on how organizations should protect customer data from unauthorized access, security incidents, and vulnerabilities.
SOC 2 is a voluntary compliance standard designed to support service providers and to provide guidance on managing customer information.
The AICPA outlines five Trust Service Principles, each addressing a different area of compliance and defining rigid certification requirements.
The five principles under SOC 2 are:
- Privacy — Reports on access control, encryption, and two-factor authentication within the organization.
- Security — Reports on the level of intrusion detection alongside the use of network and app firewalls and audits two-factor authentication.
- Availability — Reports on security incident handling, performance monitoring, and disaster recovery metrics.
- Processing Integrity — Reports on quality assurance and processing monitoring within the organization.
- Confidentiality — Reports on access controls, encryption, and network and application firewall usage.
Organizations can protect customer information both in terms of privacy and security by complying with SOC 2.