WHAT IS A SOC 1 REPORT, AND WHY DO I NEED ONE?
A System and Organization Controls or SOC 1 report is a formal audit of a service provider’s controls that affects their client’s internal control over financial reporting. SOC 1 reports, formerly known as SAS 70 and SSAE 16 reports, are specifically intended to meet the requirements of the entities that use service organizations and those entities’ financial statement auditors.
By obtaining a SOC 1 attestation report that is performed by a third-party CPA firm, not only are you providing an increased level of confidence to your clients but also adding significant value to your service organization. A successful SOC 1 audit will differentiate your organization from your competitors by demonstrating the establishment of an effective control environment and a commitment to the security of your client’s data and confidential information.
Contact Us Today
As of May 1, 2017, the SOC 1 / SSAE 18 standard replaced the SOC 1 / SSAE 16. Most requirements remained the same, however, there are some important changes to consider. These changes include maintaining a formal Vendor Management Program, performing periodic Risk Assessments and placing greater emphasis on the monitoring of Subservice Organizations.
To learn more about this transition, please visit here:
THERE ARE TWO TYPES OF SOC 1 REPORTS
Type 1 – The Type 1 report informs your clients and their auditors that your organization has accurately described its systems and controls, that the described controls are in place, and that the controls are designed to accomplish your financial control objectives. This type of report reflects your organization’s controls as of a specific date in time.
Type 2 – The Type 2 report, in addition to providing the same information as the Type 1 report, verifies that the controls are operating as intended, describes the tests your auditors performed to make that determination, and provides the results of those tests. This type of report reflects your organization’s controls over the course of a specific review period.
WHAT IS THE KEY DIFFERENCE BETWEEN A SOC 1 AND A SOC 2 REPORT?
The determining factor when choosing between a SOC 1 and SOC 2 report is whether your organization’s controls are relevant to and have an impact on your client’s internal control over financial reporting. If the answer is yes, then you need a SOC 1 instead of a SOC 2 report.
Organizations that typically need a SOC 1 report include:
- Payroll / PEO Services
- Financial Services
- Collection Agencies
- Bulk Mail and Printing Services
- Loan Servicing
- Third-Party Administrators
- Cloud Computing Providers
- Managed IT Services
- Data Centers and Colocation Facilities
FOR ASSISTANCE WITH A SOC 1 REPORT, PLEASE COMPLETE THE CONTACT FORM BELOW OR SEND US AN EMAIL AND ONE OF OUR SUBJECT MATTER EXPERTS WILL RESPOND TO YOU SHORTLY.
WHICH SOC REPORT DO I NEED?
The audience of a SOC 1 report is typically the user organization’s CFO, CIO, Compliance Officer, Internal Audit Director and Financial Statement Auditors whereas a SOC 2 report’s audience is typically the user organization’s CFO, CIO, Compliance Officer, vendor management executives, regulators and certain business partners.
HOW CONTROL LOGICS CAN HELP
Our team of experienced certified information security auditors understand the complexities and key differences between each framework and what they mean to your organization. Our goal is to help you achieve compliance quickly and with minimal disruption to your daily business. Our service delivery model is designed to provide an unparalleled client service experience and our friendly audit team takes a collaborative approach towards helping our clients maximize the long-term business value of their audit and compliance activities.
In addition to a streamlined approach, Control Logics offers:
- Competitive, fixed-fee pricing
- Discounts for multi-year contracts
- Reduced on-site fieldwork by using our secure online client portal
- Director-level support and involvement in each phase of the engagement
To see how we can help your organization, contact us today!