SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
Notes about SOC 2:
- Developed by the American Institute of CPAs (AICPA).
- Defines criteria for managing customer data based on five "trust service principles": security, availability, processing integrity, confidentiality and privacy.
- SOC 2 reports are unique to each organization (vs. PCI DSS, which has rigid requirements).
- Type I describes whether a vendor's system and its design are suitable to meet the relevant trust principles.
- Type II describes the operational effectiveness of vendor systems.
Links: