← Cybersecurity Alphabet Soup

SOC 2

System and Organization Controls 2

governanceeasy

An attestation report, defined by the AICPA, in which an independent auditor evaluates a service organization's controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Type I covers control design at a point in time, while Type II tests operating effectiveness over months. It has become the default security due-diligence artifact that SaaS vendors hand to enterprise customers.

Sources

More in governance