SOC 2

An audit framework developed by the AICPA that evaluates an organization's controls related to security, availability, processing integrity, confidentiality, and privacy. A SOC 2 Type II report covers controls over a period (usually 12 months) and provides detailed descriptions of controls and test results. It's the most commonly requested compliance report in SaaS procurement. Type I is a point-in-time snapshot; Type II is the one buyers actually want.