What are ISO and SOC 2?
Blue background layered with image of a circuit board and hexagons with locks in them

What’s the best way to assess the security measures of an IoT solutions provider?

If your portfolio has thought about how to determine the security measures of a cloud technology service provider, you may have come across the terms “SOC” and “ISO.” What is this alphabet soup of security-related acronyms?

ISO stands for International Standards Organization, which has a set of requirements around security that it lays out along with the International Electrotechnical Commission (IEC). This compliance standard is called the ISO/IEC 27001:2013 (usually shortened to ISO 27001 or ISO).

SOC stands for the Service Organization Control report. This report is often referred to as the SOC 2 report as there is a SOC 1 report that focuses on financial reporting, while SOC 2 involves information technology (IT) controls, which is likely more applicable to your goals. There are two types of SOC 2 reports: Type I covers a snapshot-in-time of the company’s compliance with specific Trust Service Principles. With Type II, the testing reviews a period of time rather than a single point in time, with a focus on a single Trust Service Principle or multiple. This article delves more into SOC 2.

Here are the main similarities:

  • Both standards address an organization’s information security
  • Both require external auditors to review the solution provider’s systems
  • Both are internationally accepted and reputable, so they can appeal to potential customers in multiple countries

Here are the main differences:

  • The Diploma vs. the full Transcript: The ISO deliverable is primarily a certificate while the SOC 2 deliverable includes a full assessment report with an extensive description and review of the organization’s systems under review. This article details these differences more.
  • Top-down vs. Customer-focus: ISO views security controls and principles while SOC 2 views security from a people-centric approach. This article explains more about this difference.

Both ISO and SOC 2 can be helpful to better understand a solutions provider’s security and privacy measures. If a potential customer seeks a comprehensive review over a period of time with a detailed assessment deliverable, SOC 2 can give that fuller picture. 

To learn more about SOC 2, read about major security aspects of a cloud technology service provider.



STRATIS®, a RealPage Company, creates smart apartments and intelligent buildings and is the only platform of its kind built for the complexities of multifamily and student housing. STRATIS is installed worldwide across the U.S., in Japan, the UK, EU, and Latin America. STRATIS now serves hospitality, retail, and small to mid-size commercial, as well. STRATIS is an Inc. Magazine “Fastest Growing Company in America” and a Top Ten Entrepreneur Magazine “Best Company in America.” STRATIS was recently acquired by RealPage to enable STRATIS Smart Building, a more connected lifestyle, and unleash hidden yield through new revenue streams.

Let’s get started

Customize your own Smart Building.