Overview

SOC 2 Audit

A SOC 2 audit is an examination of a service organization’s compliance with SOC 2, according to the Trust Service Criteria defined by the AICPA.

What is a Type 1 audit?

A SOC 2 Type 1 report covers:

Because a Type 1 report is framed around a specific date, it does not show tests of controls or the results of tests. Generally, the CPA that executes the audit will issue an opinion, which addresses the suitability of control architecture.

What is a Type 2 audit?

During a Type 2 audit, the auditors will look over the description of controls to better understand how to test them and judge the effectiveness.

In a SOC 2 Type 2 report, the auditor will issue a similar opinion as a Type 1 with the addition of operating effectiveness. Controls are evaluated over a period of time, typically a 12 month period. The report shows descriptions of control tests and results by the auditor.

Who can audit my SOC 2 compliance?

Any certified public accountant (CPA) affiliated with the AICPA can perform a SOC 2 audit.

Realistically, technology-forward businesses should hire an auditor that is familiar with the SOC 2 framework. They can quickly and easily evaluate a security posture. While that does include big-name firms, there are plenty of accounting firms that specialize in security audits that cost much less.

How long does an audit take?

A couple of weeks to several months.

Unfortunately, the length of a SOC 2 audit is variable. A SOC 2 audit can last anywhere from a week to multiple months. This is based on preparation, organization of evidence, and communication with auditors.

Icon

SOC 2 Report

Keep Reading
Jump to a section:
09 SOC 2 Checklist
Icon

SOC 2 Checklist

This section runs you through a checklist to better organize all the tasks needed to get SOC 2 certified and assess your readiness for an audit.

Shape
Jump to a section:
09 SOC 2 Checklist
Icon

SOC 2 Checklist

This section runs you through a checklist to better organize all the tasks needed to get SOC 2 certified and assess your readiness for an audit.

Learn more
Shape Shape

Enterprise-ready compliance
that never slows you down

Request a Demo