In IT security, what does SOC 2 address?

Prepare for the T01 Computer Concepts Test with flashcards and multiple choice questions. Each question comes with hints and explanations. Get ready for your exam!

Multiple Choice

In IT security, what does SOC 2 address?

Explanation:
SOC 2 is about evaluating the controls a service organization has in place to protect client data, using the trust service criteria. It focuses on five principles—security, availability, processing integrity, confidentiality, and privacy—and provides a framework auditors use to assess how well a vendor protects information and systems. This means examining policies, access controls, monitoring, change management, incident response, and related operational practices within organizations that handle customer data. It isn’t limited to physical security, network protocol standards, or software licensing terms, which is why the best answer is that SOC 2 addresses trust service criteria for service organizations.

