SOC 2 applies to technology-based service organizations that store customer data in the cloud. A SOC 2 audit is an audit of a service organization’s non-financial reporting controls as they relate to the security, availability, processing integrity, confidentiality, and privacy of a system.
SOC 2 compliance is a component of the Service Organization Control reporting platform of the American Institute of CPAs (AICPA).
There are many other similarities between SOC 2 Type I and SOC 2 Type II reports, but the key difference is that a SOC 2 Type I report is a confirmation of controls at one specific time, whereas a SOC 2 Type II report is a confirmation of controls over a minimum six-month period. A SOC 2 Type I report covers the description of the controls, confirming that they are detailed and correspondingly deployed. A SOC 2 Type II report covers primarily the effectiveness of the controls.