Question 1

How long does a SOC 2 examination take?

Accepted Answer

A Type I typically takes 4–6 weeks. A Type II covers a review period of at least 6 months, with the examination itself taking 4–8 weeks after the period ends. If you’re on a tight timeline for an enterprise deal, we can help you plan around it.

Question 2

What changes between a first-time and renewal examination?

Accepted Answer

First-time examinations involve more upfront scoping and evidence collection. Renewals focus on what changed — new systems, updated controls, and any prior exceptions. The process gets significantly faster each cycle.

Question 3

What is included in the final report?

Accepted Answer

The report includes the auditor’s opinion, a description of your system, the applicable Trust Services Criteria, tests of controls, results, and any exceptions with recommendations. It’s the document your customers’ security teams will review during vendor diligence.

Question 4

How do we share the report with customers?

Accepted Answer

SOC 2 reports are restricted-use — you share them with customers and prospects through a secure portal or under NDA. Most teams use a trust center or security page for this. If you need something publicly distributable, consider a SOC 3 report.

Question 5

What tools can we use for evidence collection?

Accepted Answer

We work with your existing tools and workflows. We work alongside your compliance platform to streamline evidence collection — whether that’s pulling configs from your cloud provider or mapping controls in your GRC tool.

SOC 2 examinations with rigorous testing and modern delivery.

What is a SOC 2 examination?

Type I vs. Type II

Type I

Type II

What to expect

Planning & preparation

Evidence request and collection

Testing

Reporting

Frequently asked questions