SOC 2

privacy

A widely-recognized auditing standard developed by the AICPA that evaluates a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy. A SOC 2 Type II report covers an extended observation period (typically six to twelve months) and is the de-facto baseline that enterprise buyers ask for before signing meeting-copilot contracts. The report is a several-hundred-page narrative of the vendor's controls and the auditor's tests; in practice buyers care about the executive summary and the absence of significant exceptions. SOC 2 is not a one-time event — it requires ongoing operation of the documented controls and an annual re-audit. For a meeting copilot, the most-scrutinized controls usually involve encryption, access management, employee background checks, vendor risk management, and incident response.

Verwandte Begriffe

SOC 2 — Meeting-Copilot-Glossar | Pavleur