SOC 2 Type II

The Service Organization Control 2 (SOC 2) Type II report is an attestation of controls at a service organization over a minimum six-month period, where as a SOC 2 Type I report is an attestation of the operating effectiveness of controls at a service organization at a specific point in time.  The SOC 2 Type II reports on the description of controls  relevant to security, availability, processing integrity, and confidentiality or privacy provided by the service organization and attests that the controls are suitably designed,  implemented, and effective.