Service Organization Control 2 (SOC2) is an auditing procedure that ensures service providers securely manage data to protect the interests of an organization and the privacy of its clients. It addresses organizational controls in five key areas: security, availability, processing integrity, confidentiality and privacy. SOC2 was created by the American Institute of CPAs (AICPA). SOC2 reports are not prescriptive and may be tailored to the specific needs of an organization. Generally, these reports should address and monitor two key areas: whether the design of the vendor's system is suitable to meet the five key areas of organizational control, and the operational efficiency of those systems.