SOC 2 — System and Organization Controls 2

Definition: AICPA audit framework for how a service organization handles customer data across security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are table stakes in B2B sales.

Example

In board meetings, you'll often hear something like: "Let's pull the latest SOC 2 numbers before we make a call" — shorthand for system and organization controls 2.

When you'll hear it

SOC 2 shows up most often in board meetings, quarterly business reviews, and strategy off-sites. When someone uses it, they're usually referring to system and organization controls 2 — and they expect the room to already know what that means.

FAQs

What does SOC 2 stand for?

SOC 2 stands for System and Organization Controls 2.

What does SOC 2 mean in business and finance?

AICPA audit framework for how a service organization handles customer data across security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are table stakes in B2B sales.

Where will I hear SOC 2 used at work?

SOC 2 comes up most often in board meetings, quarterly business reviews, and strategy off-sites. It's used as shorthand for system and organization controls 2, so people assume you already know the term.