A SOC 2 Type II report is an in-depth audit report that evaluates the effectiveness of an organization's internal controls over time, covering a period of 12 months. This report is based on the Trust Services Criteria (TSC) established by the American Institute of CPAs (AICPA) and provides detailed information about how a service organization manages and protects customer data.