SOC 2 Type 1 vs Type 2 - Fractional CISO - Virtual CISO

(617) 658-3276 [email protected]

Home
Services
About Us
Newsletter/Blog

Home
Services
Services Virtual CISO QuantiShield – the Quantitative Cybersecurity Risk Assessment
About Us
About Us Contact Us Code of Ethics Careers
Newsletter/Blog

SOC 2 Type 1 vs Type 2

Published on 10th June 2020 Author: Rob Black

When you are getting your SOC 2, should you get a Type 1 or a Type 2?

It’s easy to say to get a Type 2 but sometimes that might be difficult. In the video below We explore the various considerations around a Type 1 vs a Type 2.

SOC 2 Type 1 vs Type 2

Type 1 is a point in time evaluation. That means the evaluation is for what the firm is doing right now. A company can get a great program ready, demonstrate it and then they will be issued their Type 1.

A Type 2 evaluates a period of time usually between six and 12 months. The auditor measures the controls over the whole period. They sample data throughout the valid time period.

Helping Organizations Make Good Cybersecurity Decisions

Tales From The Click

Sign up for our monthly newsletter for business leaders on minimizing cybersecurity risk.

Recent Posts

Elon Musk: Cybersecurity’s Iron Man
Virtual CISO (vCISO)
Pro Tip: Google Vault
Three Lessons From the Garmin Ransomware
COVID and Cyber Hygiene: Not That Different

Archives

Home
Services
About Us
Blog
Contact Us
Sitemap – Virtual CISO

Home
Services
About Us
Blog
Contact Us
Sitemap – Virtual CISO

© Copyright 2020 All rights reserved