A customer relies on this SOC 2 Type II report to assess a cloud provider's controls. What is the primary limitation of this report?
Controls are not tested beyond the audit period.
Why this answer
The report covers controls tested from Jan to Dec 2023, not current. Controls may have changed since. The report is not predictive, but the time lag is the key limitation.
Scope is per provider, unbiased.