Skip links

Term: SOC2

SOC 2, which stands for Systems and Organization Controls 2, is a security and compliance standard developed by the American Institute of CPAs (AICPA). It focuses on how organizations should protect customer data from unauthorized access, security incidents, and vulnerabilities. 

The SOC 2 is a voluntary compliance standard designed to support service providers and to deliver guidance on the management of customer information.

The AICPA outlines five Trust Service Principles, each addressing a different area of compliance and defining rigid certification requirements.

  • The five principles under SOC2 are:
    • Privacy — Reports on access control, encryption, and two-factor authentication within the organization.
    • Security — Reports on the level of intrusion detection alongside the use of network and app firewalls and audits two-factor authentication.
    • Availability — Reports on security incident handling, performance monitoring, and disaster recovery metrics.
    • Processing Integrity — Reports on quality assurance and processing monitoring within the organization.
    • Confidentiality — Reports on access controls, encryption, and network and application firewall usage.

Organizations can protect customer information both in terms of privacy and security by complying with SOC 2.

« Back to Glossary Index