Soc 1 (Service Organization Control 1)

A Service Organization Control 1 or Soc 1 (pronounced "sock one") report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements.

Soc 1 is divided into Type 1 and Type 2 reports. A Type 1 reports on a service organization’s suitability of design of controls on a specific date, while a Type 2 reports on the effectiveness of the control design over a period of time. Soc 1 reports are performed by a service auditor. Soc 1 reports cover the requirements of SSAE 16.