Compliance & Frameworks
SOC 2
SOC 2 (Service Organization Control 2) is an auditing framework developed by the AICPA that evaluates how service organizations manage customer data across five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. A SOC 2 Type I report assesses controls at a point in time; Type II covers a period (typically 6–12 months). SOC 2 compliance is commonly required by enterprise B2B customers as part of vendor due diligence. It is not a certification but an auditor's report.
Why it matters for your website
- Required for selling to enterprise customers or regulated industries
- Non-compliance can result in fines, loss of contracts, or reputational damage
- Certification provides a third-party validation of your security posture