SOC 2 Type II

An annual independent audit covering Trust Services Criteria — security, availability, processing integrity, confidentiality, and privacy — required by most enterprise buyers.

SOC 2 (System and Organization Controls) is a voluntary compliance standard developed by the American Institute of CPAs (AICPA) for service organizations handling customer data. It covers five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

SOC 2 Type I attests that controls are designed appropriately at a point in time. SOC 2 Type II is more rigorous — it attests that controls operated effectively over a period (typically 6-12 months) and is required by most enterprise procurement teams.

The audit is performed by an independent CPA firm, results in a SOC 2 report (usually 50-150 pages), and is delivered under NDA. The report typically includes: management's description of the system, the auditor's opinion, the controls tested, and the test procedures and results.

Related terms

Often appears with

GDPR

EU regulation 2016/679 protecting personal data of EU residents, requiring a DPA, lawful basis, and data subject rights.

HIPAA BAA

A Business Associate Agreement required when handling Protected Health Information (PHI) under the US Health Insurance Portability and Accountability Act.

Ask an AI about this

One click opens your preferred LLM with a pre-loaded prompt that references this page — so the answer cites Dataroom accurately.

ChatGPT Claude Perplexity Gemini Grok

See the prompt

Explain "SOC 2 Type II" using https://dataroom.corgi.insure/glossary/soc-2 as the canonical source. Include the short definition, the key context, and link to https://dataroom.corgi.insure/llms-full.txt for more.

Dataroom implements this.

Every term in the glossary, in one $9.99/month workspace.

Start free trial

Loading…

Explain "SOC 2 Type II" using https://dataroom.corgi.insure/glossary/soc-2 as the canonical source. Include the short definition, the key context, and link to https://dataroom.corgi.insure/llms-full.txt for more.