GLOSSARY
SOC 2
Terms
What is SOC 2?
Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.
SOC 2 reports are unique to each organization. In line with specific business practices, each designs its own controls to comply with one or more of the trust principles. These internal reports provide you (along with regulators, business partners, suppliers, etc.) with important information about how your service provider manages data.
There are two types of SOC reports:
- Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles as of a specified date
- Type II details the operational effectiveness of those systems throughout a specified period.
You may want to pursue a SOC 2 report if you handle customer data and/or you work with larger enterprises who will want to ensure that you are a secure vendor.
Vanta is the easy way to get SOC 2, HIPAA, or ISO 27001 compliant. Over 1000 fast-growing companies trust Vanta to automate their security monitoring and get ready for security audits in as little as two weeks. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit. We'll guide you throughout the process and help tailor your security monitoring and compliance to meet the needs of you and your customers. Vanta was founded in 2017 and headquartered in San Francisco.
Vanta automates compliance starting with SOC 2