An audit report done by an objective, third-party firm that would be responsible for assessing your cybersecurity practices. All companies that hold customer information throughout their operation should consider scheduling and go through an audit. Depending on the maturity of the company, the intended audience for the report, and the scope, there are two types of SOC 2 reports to choose from: SOC 2 Type 1 and SOC 2 Type 2.