What is SOC 2 Type 2?

SOC 2 Type 2 is a security standard that shows a company is serious about protecting customer data. It means an independent auditor has reviewed the company’s systems and confirmed that strong security controls are not only in place, but are working effectively over a period of time (usually several months).

When you see that a data center is SOC 2 Type 2 compliant, you can trust that your data is being handled with care and according to industry best practices.

Brief History

SOC 2 was developed by the American Institute of Certified Public Accountants (AICPA) in 2010. It was created in response to the growing need for companies—especially those offering cloud and technology services—to prove they could keep customer data safe and private.
Before SOC 2, there was SAS 70, an older standard that didn’t focus specifically on data security or privacy. SOC 2 was designed to fill that gap, with a special focus on the needs of modern technology and cloud-based companies.

More Information

SOC 2 audits are based on five “Trust Services Criteria”:

  • Security: Protecting systems and data from unauthorized access.
  • Availability: Ensuring systems are available for operation and use as promised.
  • Processing Integrity: Making sure systems process data accurately and reliably.
  • Confidentiality: Protecting confidential information from unauthorized disclosure.
  • Privacy: Handling personal information properly and in line with privacy policies.

There are two types of SOC 2 reports:

  • Type 1: Checks if the right controls are in place at a specific point in time.
  • Type 2: Checks if those controls are not only in place, but also working effectively over a period of time (usually 3-12 months).

SOC 2 Type 2 is considered the gold standard because it proves that a company’s security practices are not just a one-time thing—they are consistently followed and maintained.

Why Does SOC 2 Type 2 Matter?

  • Trust: It gives customers confidence that their data is safe.
  • Transparency: It shows that a company is open about its security practices.
  • Competitive Advantage: Many businesses require SOC 2 Type 2 compliance before they will work with a service provider.

If you have any questions about our SOC 2 Type 2 compliance or want to know more about how we protect your data, please contact us!

Login