SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report is tailored to the unique needs of each organization. Depending on its specific business practices, each organization can design controls that follow one or more principles of trust. These internal reports provide organizations and their regulators, business partners, and suppliers, with important information about how the organization manages its data. There are two types of SOC 2 reports:

• Type I describes the organization’s systems and whether the system design complies with the relevant trust principles at a specific point in time
• Type II details the operational efficiency of these systems over a period of time, usually six or twelve months