Technology based service organizations have seen the SOC 2 report gain immense traction over the past couple years.
As a result, service organizations that have successfully completed SOC 1 examinations are now being asked [by their clients] to undergo a SOC 2 examination as well. Performing an additional examination can seem daunting, yet essential to maintain and potentially win new customers.
Fortunately many of the controls between the SOC 1 and SOC 2 may overlap. In these instances, the service auditor should be able to leverage the documents for certain controls/criteria used to complete the SOC 1 for use in the SOC 2. The necessary work required to complete the additional report will be incremental (assuming the time periods overlap).