Jul 31, 2022

SOC 2 Compliance

SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.


Notes about SOC 2:

  • Developed by the American Institute of CPAs (AICPA).
  • Defines criteria for managing customer data based on 5 "trust service principles": security, availability, processing integrity, confidentiality and privacy.
  • SOC 2 reports are unique to each organization (vs. PCI DSS, which has rigid requirements).
  • Type I describes whether a vendor's system and design are suitable to meet the relevant trust principles.
  • Type II describes the operational effectiveness of vendor systems.


Links: