SOC 2

More Terms

HIPAA
ISO 27001
GRC
SOC reports
SOC 1
SOC 2
SOC 3
SSAE 16
SSAE 18
AICPA
SOC 2 auditor
SOC Trust Services Criteria
Compliance risk management
IT security policy
Vendor management policy
Vendor review
Vendor assessment
Security questionnaire
Compliance software
HIPAA employee training
HIPAA Rules
ISO27001 security standard

What is SOC 2? Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

SOC 2 reports are unique to each organization. In line with specific business practices, each designs its own controls to comply with one or more of the trust principles. These internal reports provide you (along with regulators, business partners, suppliers, etc.) with important information about how your service provider manages data.

There are two types of SOC reports:

  • Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles as of a specified date
  • Type II details the operational effectiveness of those systems throughout a specified period.

You may want to pursue a SOC 2 report if you handle customer data and/or you work with larger enterprises who will want to ensure that you are a secure vendor.

Go back to glossary

Everything you need to get compliance audit ready, fast

Get Started
About
Careers
Glossary
Privacy PolicyTerms & Conditions
Vanta Inc. © -
We'll email you within 24 hours
Please enter your first name
Please enter your last name
Please enter a valid email address
Please enter your company website
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.