The de facto standard US enterprise buyers ask SaaS vendors to produce. Auditor-driven (CPA firms perform the audit), output is a SOC 2 report (Type 1 or Type 2), not a certification.
The five Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) are statements of objectives rather than prescriptive controls — Cybsis 2.0 maps them to the underlying ISO 27001 controls so the same control implementations satisfy both.