SOC 2 is a framework defined by the American Institute of Certified Public Accountants (AICPA), intended for use by service organizations to issue validated reports of internal controls over the information systems to the users of those services. It cites the criteria required to maintain robust information security, allowing each company to adopt the practices and processes relevant to their own objectives and operations.