Service Organization Control 2 (SOC 2)
AICPA audit framework evaluating a service provider's controls around security, availability, and confidentiality.
In long form.
SOC 2 is an audit framework developed by the AICPA for service providers that store customer data in the cloud. It evaluates controls across five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Type I assesses control design at a point in time; Type II assesses operating effectiveness over a period (usually 6–12 months). SOC 2 Type II is the standard expectation for B2B SaaS and many financial services vendors.
Financial services and enterprise procurement teams routinely require SOC 2 Type II reports before signing. Smaller consultancies typically operate under client-side controls rather than carrying SOC 2 themselves.