A SOC 2 Report, also known as a Service Organization Control Report, is a document that provides an independent assessment of a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy. SOC 2 reports are conducted in accordance with the criteria outlined by the American Institute of Certified Public Accountants (AICPA).
A SOC 2 Report typically includes detailed information about the service organization’s control objectives, control activities, and the testing performed by an independent auditor. The report may also include information on the design and operating effectiveness of controls, potential vulnerabilities or weaknesses identified, and any recommendations for improvement.