Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides and reports

Follow us

Linkedin iconFacebook icontwitter iconinstagram icon

What is a SOC 2 auditor?

To obtain a SOC 2 audit and report, an organization’s security measures must be reviewed and verified by a certified auditor. Only licensed CPA firms can perform a SOC 2 examination.


SOC auditors are independent CPAs who work with the SOC (System and Organization Controls) suite to evaluate and report on the controls in place at a service organization, relevant to a set of criteria known as the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, or Privacy. A SOC 2 auditor’s independent verification of an organization’s security systems is intended to help service organizations provide their customers and prospects with valuable information about how they manage data and information security.


Working with a CPA and certified SOC 2 auditor is a key part of obtaining a SOC 2 report.

Related Terms

Additional resources you might like:

Vendor Risk Management
Events
AI broke your Third Party Risk Management program. Now what?

In this webinar, we'll show you exactly where traditional TPRM breaks down in an AI-first world, and how one team rebuilt their program to actually keep up.

Compliance
Events
Learn how to automate compliance for SOC 2, ISO 27001, and more

Register to learn how Vanta’s Agentic Trust Platform helps fast-moving startups and security teams get audit-ready fast and stay continuously compliant.

Compliance
Blog
How do you perform quarterly access reviews?

Without periodic access reviews, former employees may retain access to sensitive data after termination. Learn how to perform effective quarterly access reviews.

Additional resources you might like:

Vendor Risk Management
Events
AI broke your Third Party Risk Management program. Now what?

In this webinar, we'll show you exactly where traditional TPRM breaks down in an AI-first world, and how one team rebuilt their program to actually keep up.

Compliance
Events
Learn how to automate compliance for SOC 2, ISO 27001, and more

Register to learn how Vanta’s Agentic Trust Platform helps fast-moving startups and security teams get audit-ready fast and stay continuously compliant.

Compliance
Blog
How do you perform quarterly access reviews?

Without periodic access reviews, former employees may retain access to sensitive data after termination. Learn how to perform effective quarterly access reviews.

Product updates
Events
Turn Every Promise into Predictable Trust: Customer Commitments in Action

Watch on demand for a demo of Customer Commitments and learn how Vanta turns contracts into structured, actionable intelligence.

SOC 2
Events
SOC 2 Basics: A 30 Minute Guide for Startups

Watch on demand to get a clear, founder-friendly intro to SOC 2 in just 30 minutes.

Compliance
Blog
Government contracting compliance 101: Everything you should know

Understand the regulations and standards government contractors must meet—and the challenges involved.

Compliance
Events
Beyond the Checkbox: Scaling Compliance Across European Regulations

Watch to learn how to scale your compliance program across NIS2, DORA, and the EU AI Act — without duplicating controls or overwhelming your team.

GDPR
Blog
How to make your website GDPR compliant in 8 steps

Learn the essential steps to achieve GDPR compliance for your website. Click here to learn the requirements and organizational benefits of GDPR compliance.

Compliance
Blog
Compliance risk: A guide to assess and manage it effectively

A guide to help you navigate the growing complexity of managing compliance risk.

Get compliant and build trust—fast

Request a demo
G2 Badge Winter 2026 LeaderG2 Badge Winter 2026 Enterprise LeaderG2 Badge Milestone 'Users Love Us'