Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
SOC 2 Type II report

What is a SOC 2 Type II report?

A SOC 2 Type II report attests to a company’s security rules (“controls”) over a period of time (typically 3-12 months). A Type II report demonstrates that a company has established the required security procedures and has followed those procedures over time. 

For example, a Type II report is like an auditor saying, “I checked the company’s security controls many times between September 30 and March 30, and everything looked reasonable.” This type of systems review results in an audit that yields a stronger and more trustworthy report.

There are two types of SOC 2 reports:

  • Type I describes a vendor’s systems and whether their design is suitable to meet relevant trust principles as of a specified date.
  • Type II details the operational effectiveness of those systems throughout a specified period.

Obtaining a Type I report is faster,  while a Type II report is more detailed and trusted. Customers and prospects generally prefer—and sometimes even require—a SOC 2 Type II report.

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.