Definition

Soc 1 (Service Organization Control 1)

Alex DelVecchio, Content Development Strategist

A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

Soc 1 is divided into Type 1 and Type 2 reports. A Type 1 reports on a service organization’s suitability of design of controls on a specific date, while a Type 2 reports on the effectiveness of the control design over a period of time. Soc 1 reports are performed by a service auditor. Soc 1 reports cover the requirements of SSAE 16.

This was last updated in April 2012

Dig Deeper on Cloud Computing Security Issues: Incident Response - Data Breach Prevention

Open Source Processors for Next-Generation Storage Controllers
5 steps to a secure cloud control plane

By: Dave Shackleford
What are the best criteria to use to evaluate cloud service providers?

By: Nick Lewis
Why centralization in a multi-cloud security strategy is key

By: Dave Shackleford

Related Terms

Dig Deeper on Cloud Computing Security Issues: Incident Response - Data Breach Prevention

Open Source Processors for Next-Generation Storage Controllers

5 steps to a secure cloud control plane

What are the best criteria to use to evaluate cloud service providers?

Why centralization in a multi-cloud security strategy is key