A SOC 2 is a reporting format, while the HITRUST CSF is a security framework. A SOC 2 examination examines the internal controls at a service organization as they relate to one or more of the Trust Services Principles of Security, Availability, Confidentiality, Processing Integrity and Privacy. The SOC 2 reporting model and the HITRUST security framework are complementary since both are facilitated through the efficient assessment and implementation of controls to satisfy the HITRUST CSF.