There is no requirement that you have to do a SOC 2 Type 1 first prior to a SOC 2 Type 2. A type 1 audit is a point in time test and only looks at a sample of one for testing of controls. For ex. the audtor will look at your change management policies and test one change to ensure that the change management policy was followed. Wheeras for a Type 2, they will pick a sample of changes, typically 25 changes and test to ensure that the change management policies were followed for each of those changes. The only reason a Type 1 is done to ensure that the organization is ready for the rigors of a SOC 2 Type 2. If an organization feels confident for a type 2 audit – they can straight away begin a SOC2 Type 2.

OR