Glossary
SOC 2
An auditable framework for security, availability, processing integrity, confidentiality and privacy controls.
Definition
SOC 2 (Service Organization Control 2) is an audit framework from the AICPA (American Institute of Certified Public Accountants) that evaluates a service organisation's controls against five Trust Service Criteria: security, availability, processing integrity, confidentiality and privacy. A SOC 2 Type I report assesses the design of controls at a single point in time; a SOC 2 Type II report assesses their operating effectiveness over a review period of 3–12 months. For B2B SaaS selling into mid-market and enterprise customers, a SOC 2 Type II report is often a procurement requirement.
Why it matters
SOC 2 is an engineering project as much as a paperwork project. Audit logs, change-management workflows, vendor-management processes and access-review cadences need to exist as working controls in your software and operations, not just as policy text on a Confluence page.
See also
SSO (Single Sign-On)
Authentication scheme that lets users sign in once with one identity provider and access many applications.
Read →
RBAC (Role-Based Access Control)
Access-control model where permissions are granted to roles, and users inherit permissions by being assigned to roles.
Read →
SaaS (Software as a Service)
Software delivered over the internet on a subscription, typically multi-tenant and accessed via a browser or app.
Read →
Working on SOC 2?
Our SaaS Development team ships this in production. Tell us your scope and we'll share a written recommendation and fixed quote within 48 hours.
SaaS Development →