According to the American Institute of Certified Public Accountants (AICPA), a SOC 1/SOC 2 Report attests to a service organization's capacity to manage client data in a safe and trustworthy way. The report was developed in response to the ongoing shift to cloud computing. This impartial report, provided by a CPA firm, attests to the results of a comprehensive audit that focuses on the system-level controls used to process customer information. In contrast to a SOC 1 report, which focuses on financial reporting controls, a SOC 2 report focuses on information security measures.
The SOC 1/SOC 2 Type 2 Service Auditor's report, which includes the Security and Availability Trust Services Criteria, is typically what is meant when someone inquires about your "SOC 1/SOC 2" certification. This type of report covers the design and documentation of controls as well as the operation of the documented controls over a period of time (usually a year). It is also known as a Type 2 report.
Please keep in mind that the scope of controls covered in a SOC 1/SOC 2 Type 1 and a SOC 1/SOC 2 Type 2 report may be the same in some cases. Thus, a Type 2 report is not necessarily more stringent than a Type 1 report in terms of content. There is, however, a significant difference between controls being examined "on paper" at a single moment in time and controls being reviewed while in operation over an extended period of time.