SOC 2 is the report a US-headquartered customer or partner asks for when they want assurance that you are looking after their data. It is an AICPA attestation produced by a licensed CPA firm, evaluating controls against the five Trust Services Criteria: security (the common criteria, always in scope) plus, at the organisation's option, availability, processing integrity, confidentiality, and privacy. Which optional criteria are included is a scoping decision, and a buyer who cares about uptime or PII will check that the relevant ones are there.
There are two report types. A SOC 2 Type 1 report examines whether your controls are suitably designed and in place at a single point in time. A SOC 2 Type 2 report examines whether they actually operated effectively across a review period, most commonly six or twelve months, though a shorter first period (three months is typical) is common for an initial report. Type 2 is what most enterprise procurement teams expect; Type 1 is sometimes accepted as an interim while the Type 2 review period accumulates, and a gap between the end of one Type 2 period and the start of the next is usually covered by a bridge letter.
SOC 2 and ISO 27001 cover overlapping ground. The Trust Services Criteria map closely to many Annex A controls, and an organisation with a working ISMS has done most of the substantive work for either. The differences are scope (SOC 2 is framed around the service organisation's system and the services it delivers; ISO 27001 is framed around an ISMS whose scope the organisation defines), reporting style (a SOC 2 report is a narrative document containing the auditor's opinion, the system description, and the controls with the tests performed and their results; ISO 27001 produces a certificate issued by an accredited certification body), distribution (a SOC 2 report is a restricted-use document shared under NDA, while an ISO 27001 certificate is public), and audience (SOC 2 is the currency of US enterprise buyers; ISO 27001 is the international standard, and the one European buyers most often ask for).