SOC-2
The AICPA Trust Services audit — a must-have for US B2B SaaS.
Definition
Two types: SOC 2 Type I (snapshot of a control at a moment in time) and SOC 2 Type II (observation over 6-12 months). Trust Services Criteria: Security (mandatory), Availability, Processing Integrity, Confidentiality, Privacy (optional). AICPA-certified auditor. For a cloud EDI SaaS, SOC 2 Type II Availability + Confidentiality is typically required.
Origin
Introduced by AICPA in 2010, updated 2017 (Trust Services Criteria revision).
Example in context
An AS2 SaaS publishing its annual SOC 2 Type II report under NDA to enterprise prospects.
Related terms
- ISO 27001 — international counterpart.