What is the difference between a SOC 2 Type I and SOC 2 Type II audit?

A SOC 2 Type I audit is an audit reporting on the policies and procedures a company has established at a particular point in time. It is generally the first step taken and is often referred to as “test of design.” It will answer the question, “are the controls properly in place?” A SOC 2 Type II audit is a “test of effectiveness” over a period of time. The “period of time” is generally no less than 6 months and no more than a year. It will answer, “is your company following it’s own policies?”

Related Posts

About Us
closeup photo of

Practical Assurance helps companies prepare for compliance with SOC 1, SOC 2, HIPAA, ISO 27001, IISF, and provides ICO and smart contract audits.

Let’s Socialize

Popular Post