SOC 2 Type 2 is a type of Service Organization Control (SOC) report that evaluates the effectiveness of an organization's controls related to security, availability, processing integrity, confidentiality, and privacy over a period of time, typically six to twelve months. These reports are based on the Trust Services Criteria (TSC) developed by the AICPA and cover both the design and operating effectiveness of a service organization's systems, processes, and procedures.