What is a SOC 2 Type 2 audit report?

The cloud helps businesses stay flexible with cost-effective solutions, but is it secure? Learn how SOC 2 Type 2 reports ensure cloud providers maintain the highest levels of security.

Cloud provider security controls.

Cloud service providers manage a lot of important user data, which is why it’s essential to follow the strictest security guidelines to keep information safe.

A Service Organization Control (SOC) Type 2 report outlines a company’s internal controls and details how well they safeguard customer data, specifically for cloud service providers. Specifically, it's a third-party audit that shows if the security protocols are safe and effective.

When a service provider passes a SOC Type 2 audit, it proves that their internal controls continue to work well over an extended period of time.

Criteria covered by a SOC 2 Type 2 report.

All SOC 2 audits cover the five Trust Services Criteria:

A Type 1 report audits all these principles at one point in time. A SOC 2 Type 2 report audits the Trust Service Criteria over several months or more to ensure long-term control. This makes it more secure than a Type 1 and shows that providers can protect information over an extended time period. Companies must get audits annually to maintain their SOC 2 Type 2 certification.

Whenever you use online services that manage sensitive information, like cloud services or electronic signature software, make sure the provider has an active SOC 2 Type 2 report — especially when working with sensitive government documents like taxes or services applications. Use only certified, audited software, like Acrobat Sign, to store and send sensitive information over the internet.

Discover more about what you can do with Sign to add your signature to documents online without sacrificing security.