Security
SOC 2 (Type I & Type II)
An auditor's report — not a checklist — covering Security, Availability, Processing Integrity, Confidentiality, and Privacy. Type II is the one enterprise buyers actually care about.
What it is
SOC 2 — Service Organization Control 2. An attestation report from a CPA firm assessing a service organization's controls against the AICPA Trust Services Criteria. Type I is point-in-time; Type II covers a 6–12 month observation window.
Why it matters
B2B SaaS deals above ~$50K ARR routinely require a current SOC 2 Type II in the security questionnaire. Without one, sales cycles stall and procurement piles on bespoke security reviews instead.
Who it applies to
B2B SaaS, hosting, and any service organization holding customer data on behalf of enterprises.
How WQI scores it
Web Quality Index considers this standard satisfied when the supporting factor passes.
| # | Factor | Status |
|---|---|---|
| 4 | Security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) | live |
Related standards
Standards that share factors with this one
Auto-computed from overlapping factor tickets in satisfiedBy, excluding standards already listed under "See also" above. Strong overlap suggests these standards rise and fall together when sites are scored.
Other references
- AICPA — Trust Services Criteria (guidance)