Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is SOC 2 compliance?

SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy. SOC 2 compliance was developed by the American Institute of CPAs (AICPA).


SOC 2 compliance reports are unique to each organization. In line with specific business practices, each designs its own controls to comply with one or more of the trust principles. These internal reports provide you (along with regulators, business partners, suppliers, etc.) with important information about how your service provider manages data.


There are two types of SOC compliance reports:


  • Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles as of a specified date
  • Type II details the operational effectiveness of those systems throughout a specified period.


You may want to pursue a SOC 2 report if you handle customer data and/or you work with larger enterprises who will want to ensure that you are a secure vendor.

{{cta_withimage1="/cta-modules"}}

Additional resources you might like:

GRC
Events
AI and Trust: Navigating Maturity, Influence, and Risk

Join Ashish Rajan, CISO at Kaizenteq, and Faisal Khan, GRC Subject Matter Expert at Vanta for a tactical conversation on what it really takes to mature compliance, risk, and trust in the age of AI

Compliance
Guide / Report
The ultimate guide to FedRAMP: A requirements guide for authorization

Learn about FedRAMP authorization, from impact levels to compliance steps, to unlock opportunities with U.S. federal agencies.

Compliance
Events
Secure from the Start: How Founders Build Compliance Into Early-Stage Growth

Hear from the Head of Information Security at Robin AI and the Co-Founder & CEO of Pavlov as they share how they embedded security and compliance into their startup journey, without slowing down innovation.

Additional resources you might like:

GRC
Events
AI and Trust: Navigating Maturity, Influence, and Risk

Join Ashish Rajan, CISO at Kaizenteq, and Faisal Khan, GRC Subject Matter Expert at Vanta for a tactical conversation on what it really takes to mature compliance, risk, and trust in the age of AI

Compliance
Guide / Report
The ultimate guide to FedRAMP: A requirements guide for authorization

Learn about FedRAMP authorization, from impact levels to compliance steps, to unlock opportunities with U.S. federal agencies.

Compliance
Events
Secure from the Start: How Founders Build Compliance Into Early-Stage Growth

Hear from the Head of Information Security at Robin AI and the Co-Founder & CEO of Pavlov as they share how they embedded security and compliance into their startup journey, without slowing down innovation.

Compliance
Events
Building Trust in the AI Boom: Security, Capital, and Credibility from Day One

Join the CFOs of Vanta and Mercury for a tactical conversation on how early-stage teams can build trust with investors and buyers, without slowing down.

Compliance
Events
Live Demo: Accelerate security and compliance workflows with AI

Join us for a live demo where we’ll walk you through the AI functionality within the Vanta platform and how it can simplify your compliance process. Plus, you’ll have the opportunity to ask live questions—whether it’s about AI specifically, compliance, or how to get started with Vanta.

Product updates
Events
AI-Powered Risk Management

Watch on-demand to see our new AI-driven features that help you reduce manual work, flag gaps in evidence, and streamline workflows with Slack integrations and continuous monitoring.

Vendor Risk Management
Events
Live Demo: Navigating Third-Party Risk Through Vanta’s Vendor Risk Management

Watch on-demand for a live demo that showcases Vanta’s Vendor Risk Management solution. Well share how we can help automate and streamline security reviews so that you can spend less time on repetitive work and more time strengthening your security posture.

Compliance
Events
Product Demo: Automating Compliance for ISO 27001, GDPR and more with Vanta

Watch on-demand to explore how Vanta's automation can streamline your compliance efforts and save you time and money - all while helping you build customer trust.

Compliance
Events
Live-Produktdemo: ISO 27001- und SOC 2-Compliance mit Vanta einfach umsetzen

Der Nachweis von Compliance mit einem Sicherheitsrahmensystem wie ISO 27001 oder SOC 2 ist nicht nur für den Ausbau Ihres Unternehmens und die Beschaffung von Kapital unverzichtbar, sondern schafft auch die so wichtige Vertrauensbasis.