[{"data":1,"prerenderedAt":77},["ShallowReactive",2],{"term-s\u002Fsoc-2":3,"related-s\u002Fsoc-2":60},{"id":4,"title":5,"acronym":5,"body":6,"category":39,"description":40,"difficulty":41,"extension":42,"letter":43,"meta":44,"navigation":45,"path":46,"related":47,"seo":53,"sitemap":54,"stem":57,"subcategory":58,"__hash__":59},"terms\u002Fterms\u002Fs\u002Fsoc-2.md","SOC 2",{"type":7,"value":8,"toc":32},"minimark",[9,14,18,22,25,29],[10,11,13],"h2",{"id":12},"eli5-the-vibe-check","ELI5 — The Vibe Check",[15,16,17],"p",{},"SOC 2 is a trust certification for SaaS companies. It proves to enterprise customers that you take security, availability, and privacy seriously. An independent auditor reviews your controls and certifies you pass. Big companies won't sign contracts with SaaS vendors without SOC 2. It's basically security street cred.",[10,19,21],{"id":20},"real-talk","Real Talk",[15,23,24],{},"SOC 2 (System and Organization Controls 2) is an auditing standard developed by the AICPA. It evaluates controls relevant to the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Security is included in every report; the other four are added only when they are in scope, so check which criteria a vendor's report actually covers. Strictly speaking, the result is an attestation report containing the auditor's opinion rather than a pass-or-fail certificate. Type I covers a point in time; Type II covers a period (typically 6-12 months) and is more rigorous.",[10,26,28],{"id":27},"when-youll-hear-this","When You'll Hear This",[15,30,31],{},"\"Our enterprise prospects require SOC 2 Type II before signing.\" \u002F \"We're going through the SOC 2 audit process — it takes about 6 months.\"",{"title":33,"searchDepth":34,"depth":34,"links":35},"",2,[36,37,38],{"id":12,"depth":34,"text":13},{"id":20,"depth":34,"text":21},{"id":27,"depth":34,"text":28},"security","SOC 2 is a trust certification for SaaS companies. \nIt proves to enterprise customers that you take security, availability, and privacy seriously.","intermediate","md","s",{},true,"\u002Fterms\u002Fs\u002Fsoc-2",[48,49,50,51,52],"Compliance","GDPR","PCI DSS","Security Audit","MFA",{"title":5,"description":40},{"changefreq":55,"priority":56},"weekly",0.7,"terms\u002Fs\u002Fsoc-2",null,"JdYi9hbfsvUhHTgnaML0VA-mBEHwCps4kkAgPaNPbN0",[61,65,68,71,74],{"title":48,"path":62,"acronym":58,"category":39,"difficulty":63,"description":64},"\u002Fterms\u002Fc\u002Fcompliance","beginner","Compliance means following the rules — legal, industry, or governmental standards that say how you must handle data and security.",{"title":49,"path":66,"acronym":49,"category":39,"difficulty":63,"description":67},"\u002Fterms\u002Fg\u002Fgdpr","GDPR (General Data Protection Regulation) is the EU's big rulebook for protecting people's personal data.",{"title":52,"path":69,"acronym":52,"category":39,"difficulty":63,"description":70},"\u002Fterms\u002Fm\u002Fmfa","MFA stands for Multi-Factor Authentication. It's the umbrella term for requiring multiple proofs of identity. 2FA is MFA with exactly two factors.",{"title":50,"path":72,"acronym":50,"category":39,"difficulty":41,"description":73},"\u002Fterms\u002Fp\u002Fpci-dss","PCI DSS is the security standard you must follow if you handle credit card data.",{"title":51,"path":75,"acronym":58,"category":39,"difficulty":63,"description":76},"\u002Fterms\u002Fs\u002Fsecurity-audit","A security audit is a systematic review of your code, infrastructure, and processes to find security weaknesses.",1776518310034]