Skip to content
Cybsis

Standard

SOC 2 — AICPA Trust Services Criteria

The US enterprise-vendor audit framework. Auditor-driven attestation against the Trust Services Criteria — not a control catalogue.

US€600/year as an additional standards packMapped on request — typically about two weeks

The de facto standard US enterprise buyers ask SaaS vendors to produce. Auditor-driven (CPA firms perform the audit), output is a SOC 2 report (Type 1 or Type 2), not a certification.

The five Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) are statements of objectives rather than prescriptive controls — Cybsis 2.0 maps them to the underlying ISO 27001 controls so the same control implementations satisfy both.