A firm uses a third$-$party data center to host its financial transaction platform, which involves sensitive customer information. The firm would like assurance regarding the controls in place at the data center to secure customer data. Which SOC report is most suitable for the firm to request from the service organization?

A SOC $2$ Type $1$ report, because it reports on the design of controls at a point in time, providing sufficient detail for stakeholders interested in the security over customer information.

A SOC $2$ Type $2$ report, because it provides an opinion on the operational effectiveness of security controls over a period of time, which could offer assurance to the firm$$s stakeholders.

A SOC $3$ report, because it is intended for general distribution, which will address high$-$level controls at the data center and can be freely shared with stakeholders.

A SOC $1$ Type $2$ report, because it focuses on internal controls related to financial reporting and would be most pertinent to the firm$$s financial transactions.