Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
SOC 2 Type II is an AICPA SSAE 18 attestation testing a service organizations control effectiveness over a period against the Trust Services Criteria.
SOC 2 Type (II) Definition: SOC 2 Type II is an AICPA SSAE 18 attestation testing a service organizations control effectiveness over a period against the Trust Services Criteria.
SOC 2 Type II is an attestation report, governed by the AICPA's SSAE 18 standard, that evaluates how effectively a service organization's controls operate against the Trust Services Criteria over a sustained observation period, typically six to twelve months. Unlike a Type I report, which assesses the design of controls at a single point in time, a Type II report tests operating effectiveness across the period, providing customers stronger assurance over security, availability, processing integrity, confidentiality, and privacy. The report is produced by an independent CPA firm and is widely used in vendor risk and procurement reviews.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →