Service Organization Control (SOC) 2 is a framework developed by the American Institute of CPAs (AICPA) for managing customer data based on five "Trust Service Criteria" (TSC): Security, Availability, Processing Integrity, Confidentiality, and Privacy. SOC 2 reports are intended for use by service organizations to demonstrate that they are managing data securely to protect the interests and privacy of their clients.