Certifications & Audits
SOC 2 Type II
A SOC 2 report testing that controls operated effectively over a period of time.
SOC 2 Type II is the more rigorous of the two SOC 2 report types. Where a Type I report assesses whether controls are suitably designed at a single point in time, a Type II report tests whether those controls actually operated effectively over a period, typically 6 to 12 months.
Because it demonstrates sustained, not just momentary, control effectiveness, a SOC 2 Type II report carries the most weight when evaluating a hosting provider entrusted with PHI.