GLOBAL · Framework
SOC 2 — SOC 2 (AICPA Trust Services Criteria)
What it is
SOC 2 is an independent attestation over a service organisation's controls relevant to Security, and optionally Availability, Processing Integrity, Confidentiality and Privacy.
Global assurance · Maintained by the AICPA
Who it binds
Voluntary; service organisations, typically cloud and SaaS providers, demonstrating control assurance to their customers.
Key obligations
- Design controls against the Trust Services Criteria
- Demonstrate operating effectiveness over a period (Type II)
- Undergo an independent CPA examination
- Security is mandatory; other criteria are scoped by choice
How CCI addresses it
EviGen automates control evidence across Windows, macOS and Linux; CySSURANCE maps the Trust Services Criteria to your control set.
Official source
AICPA Trust Services Criteria (2017, revised points of focus 2022)
The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.