SOC-2-TYPE-2
AICPA SaaS audit over a period.
Definition
SOC 2 (Service Organization Control 2) Type 2 audits five Trust Service Criteria: Security (mandatory), Availability, Processing Integrity, Confidentiality, Privacy. Type 1 = point-in-time ; Type 2 = over duration. Annual audit nearly mandatory for B2B SaaS US.
Origin
AICPA standard published 2010 ; TSP 2017 update including Privacy.
Example in context
A US cloud EDI vendor annually passes SOC 2 Type 2 over 12 months — report shared under NDA with customers.
Related terms
- ISO 27001 — European twin.