Glossary definition

SOC 2 Report

SOC 2 Report is an independent attestation report under the AICPA Trust Services Criteria; a Type I assesses control design at a point in time, while a Type II tests operating effectiveness over a period.

Standards & Evidence

Why It Matters

In security reviews

A SOC 2 report is among the most requested pieces of evidence in security reviews and can answer many questionnaire items at once.

Workflow Context

Where it shows up

Shared as primary evidence during security reviews and often gated behind an NDA in a trust center.

Common Mistakes

What to avoid
  1. Treating soc 2 report as a universal term with no workflow context.

    Use this as an editorial checkpoint when the term appears in a buyer review, internal workflow, or vendor evaluation.