Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is a SOC 2 Type I report?

A SOC 2 Type I report attests to a company’s security rules (“controls”) at a specific point in time. The Type I report describes the controls a company follows but does not judge the effectiveness of those controls. 

A SOC 2 Type I report is issued as of a specific date and represents an auditor’s review and approval of a company’s systems at that moment in time. For example, a Type I report is like an auditor saying, “I checked the company’s security controls on September 30, and everything looked good.”

There are two types of SOC 2 reports:

  • Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles as of a specified date.
  • Type II details the operational effectiveness of those systems throughout a specified period.

Obtaining a Type I report is faster, while a Type II report is more detailed and trusted. Customers and prospects generally prefer—and sometimes even require—a SOC 2 Type II report.

Additional resources you might like:

Compliance for Startups: Join Vanta's Office Hours

Do you have questions about SOC 2, ISO 27001, HIPAA, or other security and privacy frameworks? Wondering if, when, and how to achieve compliance (as painlessly as possible)? Join the next office hours with Vanta team leaders to learn about compliance for growing startups

Compliance Automation for Security Experts

Swapped with countless spreadsheets and endless email threads? Wondering how compliance automation can help you more easily manage risk and prove security in real time?

Auditor Edition

Are you preparing for upcoming compliance audits? Curious about the best practices to ensure a smooth audit process? Join the webinar...

Get compliant and
build trust, fast.