SOC 2 Type II
At a glance
- Framework
- AICPA Trust Services Criteria
- Report type
- Type II (controls over time)
- Criteria
- Security (+ Availability, Confidentiality)
- Status
- Readiness / observation in progress
Trust Services Criteria
| Criterion | Focus |
|---|---|
| Security | Protection against unauthorised access (the common criteria) |
| Availability | System uptime, monitoring and resilience |
| Confidentiality | Protection of information designated confidential |
| Processing Integrity | Complete, accurate, timely processing (as applicable) |
| Privacy | Handling of personal information (as applicable) |
Where we are
Type I assesses control design at a point in time; Type II assesses operating effectiveness over a period (commonly 3–12 months). Our controls, access management, change management, monitoring, incident response and vendor management, are implemented and evidenced; we are completing the observation period required for a Type II opinion.
Honest status
Until the report is issued we state “SOC 2 Type II, in progress” and do not represent ourselves as SOC 2 certified. Qualified reviewers can request our current control summary and the engagement timeline under NDA.
Documentation available on request
- SOC 2 readiness / control summary
- Engagement timeline
- Sub-processor and vendor-management summary
Provided to qualified reviewers under a mutual NDA via contactus@desha.ai.
