SOC 2 vs. SOC 2 Type II
SOC 2 Type I is a point-in-time assessment. SOC 2 Type II proves that your controls operated effectively over a period (typically 6-12 months). Enterprise clients and investors require Type II.
The Five Trust Service Criteria
- Security: Protection against unauthorized access.
- Availability: System is available for operation as committed.
- Processing Integrity: System processing is complete and accurate.
- Confidentiality: Information designated as confidential is protected.
- Privacy: Personal information is collected, used, and retained appropriately.