SOC 2 Type II audits should be performed annually, however, there are times you may choose to perform them twice a year. Additionally, if recently completing a SOC 2 Type I, performing a SOC 2 Type II a few months later is also very common.
What are the SOC 2 criteria?
The five SOC 2 criteria are Security, Availability, Processing Integrity, Confidentiality, and Privacy.