Soc 1 (Service Organization Control 1)

Contributor(s): Alex DelVecchio

A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

Soc 1 is divided into Type 1 and Type 2 reports. A Type 1 reports on a service organization’s suitability of design of controls on a specific date, while a Type 2 reports on the effectiveness of the control design over a period of time. Soc 1 reports are performed by a service auditor. Soc 1 reports cover the requirements of SSAE 16

This was last updated in April 2012

Dig Deeper on Cloud Computing Security Issues: Incident Response - Data Breach Prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.