activeUnited States (AICPA)
SOC 2 (Service Organization Control 2)
SOC 2 is an AICPA auditing standard for service organizations, evaluating controls relevant to security, availability, processing integrity, confidentiality, and privacy. While not AI-specific, SOC 2 Type II reports are table stakes for B2B SaaS vendors — including AI governance platforms — and are frequently mapped to AI-specific risk frameworks.
Jurisdiction
United States (AICPA)
Enforcement
See overview
Maximum penalty
Varies by violation
Vendors that support SOC 2
Sorted by coverage level. Full coverage shown first.
5 vendors
| Vendor | HQ | Founded | Size | Pricing | Coverage | Last verified |
|---|---|---|---|---|---|---|
| Scrut Automation | Palo Alto, US | 2021 | 51-200 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| Braintrust | San Francisco, US | 2023 | 51-200 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| WhyLabs | Seattle, US | 2019 | 11-50 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| Drata | San Francisco, US | 2020 | 501-1000 | Contact for pricing | Comprehensive | Apr 24, 2026 |
| Giskard | Paris, France | 2021 | 11-50 | Contact for pricing | Comprehensive | Apr 24, 2026 |
Compare across industries
See which vendors support SOC 2 in your sector.
SOC 2 in Defense & National SecuritySOC 2 in EducationSOC 2 in Employment & HRSOC 2 in Energy & UtilitiesSOC 2 in Financial ServicesSOC 2 in Government & Public SectorSOC 2 in HealthcareSOC 2 in InsuranceSOC 2 in Legal ServicesSOC 2 in ManufacturingSOC 2 in Media & EntertainmentSOC 2 in Retail & E-commerceSOC 2 in SaaS & TechnologySOC 2 in Telecommunications
Last verified April 24, 2026. Informational summary only — not legal advice. Consult qualified counsel for specific obligations.