// THREAT DETECTION AND DATA PRIVACY TERM

SOC 2

SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. It is based on a set of standards called the Trust Services Criteria, which cover security, availability, processing integrity, confidentiality, and privacy.

SOC 2 — illustration from Wikipedia

TECHNICAL DEFINITION

SOC 2 (Service Organization Control 2) is a compliance framework and audit report developed by the American Institute of CPAs (AICPA) for service organizations, particularly SaaS companies, that store customer data in the cloud. The audit assesses the effectiveness of internal controls against one or more of the five Trust Services Criteria: Security (the "common criteria" that form the baseline of every SOC 2 report; not to be confused with the ISO/IEC 15408 Common Criteria), Availability, Processing Integrity, Confidentiality, and Privacy.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.


SYNONYMS & ALIASES

  • Service Organization Control 2
  • SOC 2 Report
  • SOC 2 Audit
  • Trust Services Criteria
  • SSAE 18
  • AT-C section 205

USAGE NOTE

A SOC 2 report is frequently requested during enterprise sales cycles and vendor due diligence to verify a company's security and data protection practices.

DEVELOPERS

Organizations developing technology related to SOC 2.

  • Vanta

    Vanta provides a security and compliance automation platform that helps companies streamline the process of achieving and maintaining SOC 2 compliance by continuously monitoring systems and collecting audit evidence.

  • Drata

    Drata is a security and compliance automation platform that offers continuous monitoring and evidence collection to help companies prepare for and prove compliance with standards like SOC 2, ISO 27001, and HIPAA.

  • Secureframe

    Secureframe's platform automates security compliance for frameworks such as SOC 2 and ISO 27001. It helps companies by streamlining readiness, managing policies, and integrating with cloud services to monitor controls.

  • Sprinto

    Sprinto is a compliance automation platform built for cloud companies to obtain certifications like SOC 2 and ISO 27001. The technology automates control monitoring, evidence gathering, and audit readiness.

  • OneTrust

    OneTrust offers a trust intelligence platform that includes solutions for audit and compliance management. Its technology helps organizations automate readiness for SOC 2 by managing controls, risks, and evidence collection.

  • Laika

    Laika combines automation software with expert support to help companies manage information security and privacy compliance. Their platform streamlines the process of achieving SOC 2, from policy creation to audit management.

  • AuditBoard

    AuditBoard provides a cloud-based platform for managing audit, risk, and compliance. The technology is used by organizations to centralize control management and evidence for frameworks like SOC 2, streamlining audit preparation.

  • Hyperproof

    Hyperproof offers a compliance operations platform that helps businesses manage and automate their work for security and privacy standards, including SOC 2. The software streamlines control mapping and evidence collection.

  • A-LIGN

    A-LIGN is a cybersecurity and compliance firm that provides both audit services and its own compliance automation software, A-SCEND. The platform helps clients manage their audit lifecycle and prepare for assessments like SOC 2.
