SOC 2 Report
SOC 2 Report is an independent attestation report under the AICPA Trust Services Criteria; a Type I assesses control design at a point in time, while a Type II tests operating effectiveness over a period.
Why It Matters
In security reviewsA SOC 2 report is among the most requested pieces of evidence in security reviews and can answer many questionnaire items at once.
Workflow Context
Where it shows upShared as primary evidence during security reviews and often gated behind an NDA in a trust center.
Common Mistakes
What to avoid- Treating soc 2 report as a universal term with no workflow context.
Use this as an editorial checkpoint when the term appears in a buyer review, internal workflow, or vendor evaluation.