Understanding SOC 2 Type I & Type II Compliance for Iterate

Compliance with the Statement on Standards for Attestation Engagements (SSAE) No. 18, also known as Service Organization Control (SOC) 2, is increasingly important for software and cloud-based services. At Iterate, we are proud to announce that not only is our product SOC 2 Type I compliant, but we have now also achieved SOC 2 Type II compliance.

The American Institute of Certified Public Accountants (AICPA) created the SSAE No. 18 to define a control framework which meets the requirements of the Federal Information Security Management Act (FISMA). SOC 2 reports are based on the SSAE No. 18 and provide assurance that service organizations and products meet the trust principles of security, availability, processing integrity, confidentiality, and privacy.

- SOC 2 Type I examines the suitability of a service organization’s system description, documenting and evaluating the suitability of the design of controls to meet the trust principles. The Type I report is based on a point-in-time assessment, which is done at the beginning of the audit.

- SOC 2 Type II goes a step further by not only evaluating the design but also the effectiveness of these controls over a specified period of time. This means that Type II compliance demonstrates that the controls have been effectively operating over this time frame.

Iterate undergoes annual external audits to verify its SOC 2 compliance for both Type I and Type II. Publicly available reports from independent auditors are available that contain details about the product’s SOC 2 compliance. These reports verify that Iterate has established, maintained, and effectively operated its internal controls for both types of compliance.