Are you looking for product guides, support articles and setup instructions?

Customer Webinar Recording: SOC 2, Type 1 vs Type 2 - Finding the Perfect Fit

edited September 9 in SOC2

If you’ve started your SOC 2 journey, you might be wondering whether to pursue a Type 1 or Type 2 report. It’s an important decision to make. After all, it could mean the difference between winning or losing your next big deal.

Jitendra Juthani, a member of the Tugboat Logic Labs team with over 20 years of audit experience at PwC, EY and Deloitte, breaks down SOC 2 and both report types to help you make the best possible decision for your organization.

GoToWebinar Link: View the recording here!


00:00 - 03:00 Introductions

03:10 - 09:40 The difference between SOC1, SOC2, and SOC3

10:00 - 11:10 Overview of Type 1 vs Type 2

11:10 - 14:00 The pros and cons of SOC1 and SOC2

14:05 - 21:00 Breaking down the steps/process of Type 1 and Type 2

21:10 - 25:00 Identifying changes from transitioning from Type 1 to Type 2

25:49 - 27:00 Common Scenario: a Startup company has a huge sale that is ending and they need a SOC2 audit ASAP. What is the best way to manage the sale in addition to the multipart process?

27:30 - 35:45 Overview and Identifying what is in the Audit Report

37:00 - 46:00 Tugboat Logic product demo

Questions & Answers:

46:10 - 47:27 Is there a given list of controls in all 5 domains that one can choose from?

47:55 - 49:00 Who validates end-user control considerations?

49:10 - 50:10 Does Tugboat Logic help with writing the Service Organization description for section 3 of the Audit Report?

50:25 - 53:25 Can you expand upon SOC2 type 1 scope and its definition when reviewing the vendor's report?

53:45 - 56:12 Can we go over the statement "Deciding on SOC1 vs SOC2 may depend on the financial implications that the product has on the end business"?

56:30 - 58:30 Where are sub-service organizations covered if the service provider is hosted on a public cloud?