Service and Organization Controls report
When do you need a SOC report?
SOC 1, 2 or 3 model?
Report | Purpose of SOC report | Which controls are covered in your report |
---|---|---|
SOC1 | Assurance for your customers' financial statements | Controls relevant to your customers' financial reporting |
SOC2 | Assurance to customers or other stakeholders on Security, Confidentiality, Processing integrity, Availability and/or Privacy | Controls on Security, Confidentiality, Processing integrity, Availability and/or Privacy |
SOC3 | To provide potential customers and the public assurance on your controls | General information on Security, Confidentiality, Processing integrity, Availability and/or Privacy |
Type | Report on | Testing |
---|---|---|
Type 1 | Description of organisation’s systems and control objectives; the auditor’s opinion on the fairness of that description; the auditor’s opinion on the design of controls to achieve the control objectives | At a specific point in time |
Type 2 | Description of organisation’s systems and control objectives; the auditor’s opinion on the fairness of that description; the auditor’s opinion on the design of controls to achieve the control objectives; the auditor’s opinion on the operating effectiveness of the implemented controls to achieve the control objectives | Over a period, usually 6 months |
Type 1 or 2?
Method
Next Steps
We offer a free consultation to explain what SOC means for you, whether it is the best choice for your business, and how it relates to your other certifications or compliance obligations. Contact us for a free consultation.