cifraHQ Enterprise
Glossary

SOC 2 Type I compliance

Independent attestation that verifies the design of security, availability, and confidentiality controls at a point in time.

Request demo Back to glossary
Definition

Detail

SOC 2 is an audit standard administered by the AICPA (American Institute of CPAs). Type I evaluates control design at a specific date; Type II evaluates effective operation over a period (typically 6-12 months). The criteria cover five areas (Trust Services Criteria): security, availability, processing integrity, confidentiality, privacy. For a serious B2B SaaS, SOC 2 Type II is practically mandatory for enterprise contracts. cifraHQ Enterprise has SOC 2 Type I at launch; the auditor is re-engaging for Type II, expected within the next twelve months. The difference matters: Type I is promise, Type II is proof.

Related terms

See also

compliance

Dual audit trail

Combination of accounting trail (journal entries) and technical trail (access and change logs) that lets you reconstruct both the "what" and the "who and when".

How does cifraHQ model SOC 2 Type I?

Let’s schedule a 45-minute technical session with your team to see it in product.

Schedule session