SOC 1 report: Difference between revisions
From ACT Wiki
Jump to navigationJump to search
imported>Doug Williamson (Standardise to UK spelling for organisation.) |
imported>Doug Williamson (Add link.) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 13: | Line 13: | ||
== See also == | == See also == | ||
* [[Cloud computing]] | |||
* [[Information security management system]] | * [[Information security management system]] | ||
* [[Internal control]] | * [[Internal control]] | ||
| Line 18: | Line 19: | ||
* [[Risk management]] | * [[Risk management]] | ||
* [[Security]] | * [[Security]] | ||
* [[SOC 2 report]] | |||
[[Category:Accounting,_tax_and_regulation]] | [[Category:Accounting,_tax_and_regulation]] | ||
[[Category:Technology]] | [[Category:Technology]] | ||
Latest revision as of 18:37, 19 April 2019
Information technology - standards.
A SOC 1 report covers Service Organisation Controls. These are internal controls that are likely to be relevant to an audit of a service organisation's customer's financial statements.
A SOC 1 report is written documentation of the relevant internal controls.
SOC 1 is divided into Type 1 and Type 2 reports.
- A Type 1 reports on a service organisation’s suitability of design of controls on a specific date
- A Type 2 reports on the effectiveness of the control design over a period of time.
