SOC 2 Type II

Written by Moodi Mahmoudi
Updated over 2 weeks ago

At a glance

NEXT AI maintains a SOC 2 Type II report covering controls relevant to the Trust Services Criteria (Security and Availability). A Type II report tests the design and operating effectiveness of controls over a defined period. NEXT AI's report is the outcome of an audit performed by an independent third-party firm certified by the American Institute of CPAs (AICPA). The engagement was performed by Prescient Assurance LLC, TN.

What is SOC 2?

SOC 2 is an independent attestation examining controls at a service organization that are relevant to the protection and reliable processing of customer data. Reports are structured around the AICPA’s Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

Type I vs Type II

  • Type I: Were the controls designed appropriately at a specific point in time?

  • Type II: Were the controls designed and operating effectively over a period (commonly 3–12 months)?

This distinction helps buyers understand depth and durability of assurance.

Scope at NEXT AI

  • Controls mapped to relevant Trust Services Criteria (with security always included).

  • Technical safeguards include encryption, access control, logging/monitoring, vulnerability management, and incident response (see related security pages).

  • Organizational safeguards include background checks, training, vendor management, and documented policies/procedures.

How customers access the report

The SOC 2 Type II report (and any bridge letters, where applicable) is available to Enterprise customers and qualified Enterprise prospects under NDA. Contact NEXT AI’s team to request access.

FAQ

Q: Is NEXT AI SOC 2 Type II?

Yes. NEXT AI maintains a SOC 2 Type II report covering relevant Trust Services Criteria.

Q: What’s the difference between SOC 2 Type I and Type II?

Type I evaluates design of controls at a point in time; Type II evaluates design and operating effectiveness over a period.

Q: Which SOC 2 Trust Services Criteria does NEXT AI meet?

NEXT AI meets the Security and Availability criteria, as defined by the AICPA.

Q: How long is the Type II assessment period?

Common windows are 3, 6, 9, or 12 months, depending on readiness and audit scope.

Q: Can I see NEXT AI’s SOC 2 report?

Yes—available under NDA to Enterprise customers and qualified Enterprise prospects. Request access from NEXT AI.

Q: Does SOC 2 guarantee legal compliance (e.g., GDPR)?

No. SOC 2 provides assurance on controls; legal/regulatory compliance is assessed separately (see the GDPR Commitment page for privacy law coverage).

Q: What is a bridge letter and when is it used?

A bridge letter covers the period between the end of the audit window and the present, stating whether material changes occurred. It’s commonly provided alongside an in-period report.