What is SOC 2 Type II?

There are two types of SOC 2 reports: Type I and Type II. 

A Type I report is a point-in-time report that assesses how your security controls are designed. 

A SOC 2 Type 2 report examines how well a service organization's system and controls perform over a period of time (typically 3-12 months). 

Both report types require an external audit by an AICPA-accredited CPA firm. Organizations that need a SOC 2 report as quickly as possible may opt for a Type I report, which takes less time to complete. However, SOC 2 Type II reports hold more weight with customers and will be necessary for most companies to achieve.