SOC 2, or Service Organization Controls 2, is a framework governed by the American Institute of Certified Public Accountants (AICPA). Through a SOC 2 audit, an independent service auditor reviews an organization’s policies, procedures, and evidence to determine if their controls are designed and operating effectively. A SOC 2 report communicates a company’s commitment to data security and the protection of customer information.