Term: SOC2

SOC 2, which stands for Systems and Organization Controls 2, is a security and compliance standard developed by the American Institute of CPAs (AICPA). It focuses on how organizations should protect customer data from unauthorized access, security incidents, and vulnerabilities.

The SOC 2 is a voluntary compliance standard designed to support service providers and to deliver guidance on the management of customer information.

The AICPA outlines five Trust Service Principles, each addressing a different area of compliance and defining rigid certification requirements.

The five principles under SOC2 are:
- Privacy — Reports on access control, encryption, and two-factor authentication within the organization.
- Security — Reports on the level of intrusion detection alongside the use of network and app firewalls and audits two-factor authentication.
- Availability — Reports on security incident handling, performance monitoring, and disaster recovery metrics.
- Processing Integrity — Reports on quality assurance and processing monitoring within the organization.
- Confidentiality — Reports on access controls, encryption, and network and application firewall usage.

Organizations can protect customer information both in terms of privacy and security by complying with SOC 2.

« Back to Glossary Index

By Solution

Trust Hub

My Vendors

Trust Center

Marketing Risk Radar

By Use Case

One-Click Vendor Assessment

Get Your Trust Center

Vendor Management

Automated Vendor Monitoring

By Regulation

GDPR (EU)

CCPA/CPRA (California)

VCDPA (Virginia)

About Us

How It Works?

Pricing

Why should you use hoggo?

Articles & Blog

Privacy Resources

Newsletter

Privacy Glossary

Privacy & Security Training

The Oregon Consumer Privacy Act (OCPA) – Overview

Term: SOC2

Solutions

Other

Legal