SOC 2 Compliance Certification is an auditing process that demonstrates that your business manages customer data securely and in a comprehensive way that protects your customers’ privacy and the privacy of the business.

Developed by the American Institute of CPAs (AICPA), SOC 2 audits use five “trust service principles” to examine the way your business manages customer data:

• Security
• Availability
• Processing integrity
• Confidentiality
• Privacy

The Compliance Certification audits are performed by a third-party auditor (a certified public accountant) who will then issue the compliant business one of two types of certification:

Type I Certification – Typically the first step organizations might take, Type I is an attestation of compliance with SOC 2 controls at a specific point in time. This demonstrates that an organization has established proper security and privacy hygiene.

Type II Certification – an attestation of compliance with SOC 2 controls over a period of time (at least 6 months). This demonstrates that not only has an organization established proper security and privacy hygiene, but it is also continuously maintaining it.