SOC 2 (Service Organization Control 2) is an audit framework defined by the AICPA that evaluates a service organization’s controls relevant to security, availability, processing integrity, confidentiality, and privacy. For B2B SaaS — including customer portals — SOC 2 is the dominant security-attestation standard requested in enterprise sales cycles.
SOC 2 comes in two variants: Type I (a point-in-time assessment, weaker) and Type II (covering a period of 6–12 months, stronger). Enterprise customers expect Type II. A SOC 2 Type II report is generated by an independent auditor and shared under NDA with prospects evaluating the vendor’s security posture.
See Secure Client Portal and our SOC 2 compliance guide.