SOC Services
SOC 1, Type 2 Reports
-
The SOC 1 Report is intended to evaluate the effect of the internal controls at a service organization on the user entities’ financial statement assertions.
-
SOC 1 reports have become an essential tool for businesses in assessing the risks associated with their service organizations.
-
The standards that the SOC 1 report is based off of is SSAE 18.
-
Type 2 reports on the controls over a period of time, typically a full year.
-
It also determines the effectiveness of the control activities from a financial auditing standpoint.
SOC 1, Type 1 Reports
-
The same information is applicable to the SOC 1, Type 1 as the SOC 1, Type 2 displayed above, except the report is a point-in-time report that audits the controls on a specific date.
-
This option is less popular due to the point-in-time reporting.
SOC for Cybersecurity
-
The SOC for Cybersecurity reports require a licensed CPA firm to independently assess the organization’s controls relative to meeting the descriptive and control criteria as of a date.
-
Type 1 Report - As of a Specific Date
-
Type 2 Report - Over a Flexible Period of Time (Usually Atleast 6 Months)