
SOC 2 Type II

Reviewed 9 April 2026 Canonical definition

SOC 2 Type II is an independent audit report that evaluates whether a service organisation's controls around security, availability, processing integrity, confidentiality, and privacy were operating effectively over a defined observation period, typically six to twelve months. Unlike SOC 2 Type I, which assesses the design of controls at a point in time, Type II assesses their operating effectiveness over time. Enterprise customers increasingly require AI platforms and agent governance tools to hold a SOC 2 Type II report.