A SOC 2 Type 2 audit is an examination of a company's controls over a period of time, typically six to 12 months, to ensure they are designed effectively and operating as intended. The audit is performed by an independent third-party auditor who assesses the company's controls against the Trust Service Criteria (TSC), which includes security, availability, processing integrity, confidentiality, and privacy.