A SOC2 report is an engagement performed under AT-C section 205 and is based on the existing SysTrust and WebTrust principles. This report will have the same options as the SOC1 report where a service organization can decide to undergo a Type I or Type II certification. Purpose of SOC2 audit is to evaluate an organization’s information systems relevant to:
– and/or Privacy
Organizations asked to provide a SOC1, but which do not have an impact on their client’s financial reporting should select this reporting option.