Direct answer
SOC 2 is an independent audit of SaaS security controls — field operations platforms handling GPS and expense data should provide SOC 2 Type II reports covering security, availability, and confidentiality for enterprise procurement.
Procurement should request latest SOC 2 report and subprocessor list.
