
SOC 2 Type 1 vs Type 2 Compliance
Compliance, Cybersecurity, Auditing, Trust Services Criteria
The author of the post says their company is in the process of obtaining SOC 2 Type 1 compliance, focusing on the five Trust Services Criteria (TSC). They raise three main questions: whether a small business needs to aim for all five TSC, whether it is relevant to limit compliance to Type 1 without pursuing Type 2, and the implementation of policies before the Type 1 audit. The author also expresses concerns about the scope of the project and the time required to complete it.