SOC 1 report

From ACT Wiki
Revision as of 20:44, 3 February 2019 by imported>Doug Williamson (Create page. Sources: The Treasurer Dec 18 / Jan 19, p25 & Techtarget webpage https://searchcloudsecurity.techtarget.com/definition/Soc-1-Service-Organization-Control-1)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Information technology - standards.

A SOC 1 report covers Service Organization Controls. These are internal controls that are likely to be relevant to an audit of financial statements.

A SOC 1 report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.


SOC 1 is divided into Type 1 and Type 2 reports.

  • A Type 1 reports on a service organization’s suitability of design of controls on a specific date
  • A Type 2 reports on the effectiveness of the control design over a period of time.


See also