Purpose

The report's purpose is to ensure that third-party service providers store and process client data securely. It assesses the organization's controls against five trust service principles: security, privacy, availability, confidentiality, and processing integrity. 

Time frame

A SOC 2 Type 2 report covers a year, and is valid for 12 months from the issue date and requires a full-scope examination annually.

Purpose

A SOC 2 Type 1 report evaluates the design of an organization's systems, tools, and strategies for keeping data safe. It answers the question, "Are you secure today?" 

Time frame

A SOC 2 Type 1 report covers a specific day, usually shortly after the controls have been implemented.