Skip to main content
Certifications & Audits

SOC 2

An audit report on a service provider's controls for security, availability, and confidentiality.

SOC 2 (System and Organization Controls 2) is an audit framework from the AICPA that evaluates a service provider's controls against five "trust services criteria": security, availability, processing integrity, confidentiality, and privacy.

A SOC 2 report is independent evidence that a hosting provider has effective controls in place. While SOC 2 is not the same as HIPAA compliance, the two overlap heavily, and a current SOC 2 report is a common way providers demonstrate the maturity behind HIPAA-compliant hosting. Reports come in Type I and Type II forms.