The job of a SOC 2 auditor is to review and assess independently and determine whether an organization has systems, controls, and processes that conform to the rigorous requirements of SOC 2 standards. A SOC 2 auditor considers policies, procedures and technical protection measures to make sure that it complies with the principles of SOC 2 such as security, availability, confidentiality, processing integrity and privacy. They do their job through careful evaluation of the IT systems in the organization, the practices being used in risk management, and internal controls so that there is no aspect of SOC 2 compliance that they leave out. A SOC 2 auditor determines the weakness in the current procedures and suggests what might be done to enhance data security and the consistency of operations. They examine the efficiency of applied controls in a number of ways, including examination of logs, analysis of access permissions and examination of systems monitoring tools. Through this, the auditors assist the organizations to perform proactively in anticipating the vulnerabilities before they can affect the clients or the business processes. The auditor will also make sure that the policies and procedures are not written only but are being implemented by the organization. They offer an objective and holistic report to demonstrate the level of SOC 2 compliance of an organization and this is sent to other stakeholders, clients and regulators as evidence of sound security practices. The report can also be used as a continuous improvement guide, which can enable the organization to have a high level of internal governance and operational excellence.