SOC 2 Type 1 is an attestation report that focuses on the description of a service organization's system and the suitability of the design of its controls at a specific point in time
SOC 2 Type 2 goes a step further than Type 1. It assesses not only the design of the systems and corresponding controls (like in Type 1) but also the operational effectiveness of those controls over a specific review period, typically six months to a year. This report gives a historical view of the organization’s data management over time, adding a layer of assurance about how controls have been operating.
SOC 2+ or SOC 2 “Plus” represents an additional level of certification against an expanded control set, including control alignment against the HIPAA Security Rule, and additionally maps product controls to key controls for GDPR, PCI DSS, and UK NCSC Cloud Security Principles.
The below Palo Alto Networks cloud offerings and services have received a SOC 2+ which means a SOC 2 Type 2 with additional HIPAA compliance included: