SOC 2 Type 1 vs Type 2

Published on 10th June 2020 Author: Rob Black

When you are getting your SOC 2, should you get a Type 1 or a Type 2?

It’s easy to say to get a Type 2 but sometimes that might be difficult. In the video below We explore the various considerations around a Type 1 vs a Type 2.

SOC 2 Type 1 vs Type 2

Type 1 is a point in time evaluation. That means the evaluation is for what the firm is doing right now. A company can get a great program ready, demonstrate it and then they will be issued their Type 1.

A Type 2 evaluates a period of time usually between six and 12 months. The auditor measures the controls over the whole period. They sample data throughout the valid time period.

Helping Organizations Make Good Cybersecurity Decisions

Tales From The Click

Sign up for our monthly newsletter for business leaders on minimizing cybersecurity risk.

Sign up