Preparing For a SOC 2 Audit

What Exactly Is a SOC 2 Audit?

An annual SOC 2 audit is necessary for any company or organization that wishes to obtain SOC 2 certification. In order to become SOC 2 certified, your company will be evaluated on one or more of the following principles of the AICPA Trust Service Criteria (TSC): Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Often, during an audit, an organization goes through a security evaluation to analyze their security controls. Afterward, they will receive one of the following two types of reports:

Relating to SOC 2 Type 1: A type 1 evaluation is based on an organization’s description of its security system — the suitability of its design and operational effectiveness of its controls. In short, the security controls are evaluated at a specific point in time.