The SOC 2 Compliance Hub
Claiming “SOC 2 compliant” based only on an internal assessment isn’t technically false, but it’s routinely interpreted as having a report. See our Type 1 vs Type 2 comparison for more detail. A Type 1 report is often accepted for initial vendor approval; a Type 2 (covering 6 to 12 months of operating effectiveness) is […]
