What's The Difference Between SOC 2 Type I Vs SOC 2 Type II?

February 7, 2018
Learn more at https://kirkpatrickprice.com/video/soc-2-type-i-vs-soc-2-type-ii/

A SOC 2 audit, or Service Organization Control 2 engagement, is an audit of a service organization’s non-financial reporting controls as they relate to the Trust Services Criteria – the security, availability, processing integrity, confidentiality, and privacy of a system. A SOC 2 audit report provides user entities with reasonable assurance and the peace of mind that the controls at a service organization are suitably designed, in place, and appropriately protecting client data.

There are two types of SOC 2 audit reports – a SOC 2 Type I and a SOC 2 Type II. Both report on the non-financial reporting controls and processes at a service organization as they relate to the Trust Services Criteria. The main difference is that a SOC 2 Type I report is an attestation of controls at a service organization at a specific point in time, whereas a SOC 2 Type II report is an attestation of controls at a service organization over a minimum six-month period.

The SOC 2 Type I reports on the description of controls provided by management of the service organization and attests that the controls are suitably designed and implemented. The SOC 2 Type II reports on the description of controls provided by management of the service organization, attests that the controls are suitably designed and implemented, and attests to the operating effectiveness of the controls.

As a CPA firm, we commonly advise clients who are engaging in a SOC 2 audit for the first time to begin with a Type I and move on to a Type II the following audit period. This gives service organizations a good starting point, allowing them to mature their environment over time.

Many organizations are required to undergo a third-party SOC 2 audit. If you have questions about which type of SOC report you need or want help demonstrating to your clients your commitment to security and compliance, contact us today.

About Us

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice: https://kirkpatrickprice.com/