Companies want to avoid working with at-risk vendors. That's why many service organizations are being asked for a SOC 2 audit report. A SOC 2 report helps to address third-party risk concerns by evaluating internal controls, policies, and procedures that directly relate to the security of a system at a service organization.