When you are getting your SOC 2, should you get a Type 1 or a Type 2?
It’s easy to say to get a Type 2 but sometimes that might be difficult. In the video below We explore the various considerations around a Type 1 vs a Type 2.
SOC 2 Type 1 vs Type 2
Type 1 is a point in time evaluation. That means the evaluation is for what the firm is doing right now. A company can get a great program ready, demonstrate it and then they will be issued their Type 1.
A Type 2 evaluates a period of time usually between six and 12 months. The auditor measures the controls over the whole period. They sample data throughout the valid time period.