FAQ: How often is a SOC 2 audit required?

FAQ: How often is a SOC 2 audit required?

SOC 2 Type II audits should be performed annually, however, there are times you may choose to perform them twice a year. Additionally, if recently completing a SOC 2 Type I, performing a SOC 2 Type II a few months later is also very common. 

Additional FAQs

What is SSAE 18 (formerly SSAE 16)?

The SSAE 18 audit standard is a framework for reporting on an examination of controls at a service organization relevant to user entities’ internal control over financial reporting.

How long does a SOC 1 take to complete?

This depends on how prepared and how many resources an Organization has to dedicate to the project. The first time through, usually a readiness assessment would be performed, and then

What is SSAE 18 (formerly SSAE 16)?

A SOC 1 Type 1 report typically costs on average anywhere between $10,000 and $20,000 USD, without the readiness assessment project which most Organizations benefit from and can be an

Get Our Emails

SOC Reporting Guide