SOC 2 (Service Organization Control 2)
SOC 2 is an AICPA auditing standard for service organizations, evaluating controls relevant to security, availability, processing integrity, confidentiality, and privacy. While not AI-specific, SOC 2 Type II reports are table stakes for B2B SaaS vendors — including AI governance platforms — and are frequently mapped to AI-specific risk frameworks.
This is an attestation a vendor obtains for its own operations — it is distinct from the AI-specific obligations the vendor’s tooling can help you meet. Vendors hold this certification or they don’t; we don’t use partial-coverage tiers here.
Standard owner
United States (AICPA)
Typical certification cycle
See overview
Penalty for misrepresentation
Loss of certification; legal exposure
Vendors that hold SOC 2
Vendors below have a current third-party attestation against this standard. We list the certification, not coverage levels.
13 vendors
| Vendor | HQ | Founded | Size | Pricing | Coverage | Last verified |
|---|---|---|---|---|---|---|
| Scrut Automation | Palo Alto, US | 2021 | 51-200 | Contact for pricing | Certified | Apr 24, 2026 |
| Braintrust | San Francisco, US | 2023 | 51-200 | Contact for pricing | Certified | Apr 24, 2026 |
| WhyLabs | Seattle, US | 2019 | 11-50 | Contact for pricing | Certified | Apr 24, 2026 |
| Drata | San Francisco, US | 2020 | 501-1000 | Contact for pricing | Certified | Apr 24, 2026 |
| Giskard | Paris, France | 2021 | 11-50 | Contact for pricing | Certified | Apr 24, 2026 |
| Vanta | San Francisco, USA | 2018 | 500-1000 | Contact for pricing | Certified | Apr 26, 2026 |
| Credo AI | Palo Alto, US | 2020 | 51-200 | Contact sales for enterprise subscription quote. Credo AI homepage | Certified | Apr 26, 2026 |
| Arthur | New York, US | 2019 | 51-200 | Contact for pricing | Certified | Apr 26, 2026 |
| Modulos AI Governance | Zurich, Switzerland | 2018 | 11-50 | Contact for pricing | Certified | Apr 24, 2026 |
| Aporia | San Jose, US | 2019 | 51-200 | Enterprise pricing only. Not publicly listed. | Comprehensive | Apr 27, 2026 |
| Lasso Security | Tel Aviv, IL | 2023 | 11-50 | Enterprise pricing only. Not publicly listed. | Comprehensive | Apr 27, 2026 |
| Pillar Security | Tel Aviv, IL | 2023 | 11-50 | Enterprise pricing only. Not publicly listed. | Comprehensive | Apr 27, 2026 |
| Knostic | Herndon, US | 2023 | 11-50 | Contact for pricing | Partial | Apr 27, 2026 |
Compare across industries
See which vendors support SOC 2 in your sector.
Last verified April 24, 2026. Informational summary only — not legal advice. Consult qualified counsel for specific obligations.