Definition

Soc 1 (Service Organization Control 1)

Contributor(s): Alex DelVecchio

A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

Soc 1 is divided into Type 1 and Type 2 reports. A Type 1 reports on a service organization’s suitability of design of controls on a specific date, while a Type 2 reports on the effectiveness of the control design over a period of time. Soc 1 reports are performed by a service auditor. Soc 1 reports cover the requirements of SSAE 16.

This was last updated in April 2012

Dig Deeper on Cloud Computing Security Issues: Incident Response - Data Breach Prevention

What are the best criteria to use to evaluate cloud service providers? Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and third-party assessments.

Why centralization in a multi-cloud security strategy is key When moving to a multi-cloud infrastructure, there are a few strategies to keep in mind. Learn how centralization will limit the challenges of fragmented security access and monitor controls.

SSAE 16 The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of auditing standards and guidance on using the standards, published by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA), for redefining and updating how service companies report on compliance controls.

White hat Dave Kennedy on purple teaming, penetration testing Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.

Security Controls Evaluation, Testing, and Assessment Handbook In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control.

BYOK grants users the key to cloud encryption kingdom BYOK options from public cloud providers like AWS and Azure give users more control over their data encryption keys -- but not without some tradeoffs.

SearchSecurity

Soc 1 (Service Organization Control 1)

Dig Deeper on Cloud Computing Security Issues: Incident Response - Data Breach Prevention

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchSecurity

IBM Cloud Pak for Security aims to unify hybrid environments

Ohio builds 'Cyber Reserve' to combat cyberattacks

Zero trust is IT security's best hope for effective defense

SearchCloudComputing

How to start your cloud career

Save money on instances with these cloud discounts

Google joins bare-metal cloud fray

SearchAWS

Get to know these AWS hybrid cloud storage and architecture services

A complete guide to AWS re:Invent 2019

AWS SysOps certification exam guide outlines admin responsibility

SearchCloudApplications

SearchServerVirtualization

Decide between SAN vs. hyper-converged for your virtual storage

Design your systems with virtualization architecture in mind

5 tips to ease Kubernetes adoption and legacy VM management

SearchVMware

VMware HCX improves VM mobility between vSphere clusters

An overview of VMware snapshots and how to manage them

How PowerCLI automation brings PowerShell capabilities to VMware

ComputerWeekly.com

Labour pledges review of NCSC in UK security overhaul

Beyond the database: Digging deeper into Oracle’s cloud strategy and its bid to conquer AWS

British Airways cancels flights due to technical issue

Related Terms

Dig Deeper on Cloud Computing Security Issues: Incident Response - Data Breach Prevention

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.

File Extensions and File Formats