SOC 2
A compliance framework developed by the AICPA that evaluates an organization's controls relevant to security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are the standard proof of security for SaaS and cloud service providers.
Why it matters
SOC 2 has become the default security credential that enterprise buyers in North America request from their SaaS vendors. A SOC 2 Type II report provides independent assurance that your controls operated effectively over a period of time, not just that they existed at a point in time. The report is issued by a CPA firm after an audit, giving it credibility that self-assessments lack. For European companies serving US customers, SOC 2 alongside ISO 27001 covers both markets.
In practice
SOC 2 compliance involves selecting which Trust Services Criteria apply (security is mandatory; availability, processing integrity, confidentiality, and privacy are optional), mapping controls to those criteria, operating those controls consistently, collecting evidence, and undergoing an audit. Type I reports assess control design at a single point in time. Type II reports assess operating effectiveness over a review period of 3-12 months. In vucavoid, SOC 2 is available as a blueprint. Controls mapped to Trust Services Criteria generate continuous evidence through effectiveness reports, keeping you audit-ready year-round rather than scrambling before each engagement.