SOC 2 is a type of audit that ensures an organisation provides a safe and secure operating environment and appropriately manages its own data and the data of its clients. The audit focuses on the controls that the organisation has defined to properly govern the services it provides to its clients.
Developed and introduced by the AICPA, the SOC 2 audit focuses on the internal controls of a service organisation, using the five Trust Services Criteria (TSC), which are Security, Confidentiality, Processing Integrity, Availability and Privacy. Depending on the organisation, or the reason for performing a SOC 2 audit, it may use a few or all of the TSCs to define the scope of its audit.