If a vendor’s controls, in combination with your organization’s controls, are necessary to achieve your service commitments and system requirements, to meet your SOC 1 objectives, or to fulfil applicable SOC 2 trust services criteria, then the vendor is classified as a “subservice organization”. Subservice organizations are critical to the success of the service organization.