The American Institute of Certified Public Accountants (AICPA) developed the Service Organization Control (SOC) 2 report. This report provides annual oversight and controls for a technology service provider. Specifically, any company storing customer data in the cloud (private or public) must meet the standards designed to minimize risk and exposure.
To become SOC 2 certified, a third-party audit firm must complete a full review of the company, requiring IT partners to not only establish procedures, but also to follow strict security policies. This certification affords assurance an IT provider follows the “trust principles” laid out by the AICPA. In other words, a SOC 2 certification ultimately provides reassurance to an organization that its consumer data is secure, available, confidential, and private.