SOC Stands For Service Organization Controls, And Are Standards Designed To Assist Service Organizations Imparting Services To Their Clients And Customers. It Helps To Build Confidence And Trust Between The Entities And The Service Provider.

SOC Assessment And Audit Reports Are Classified Depending On Their Usage And Service Controls.

SOC 1

SOC 1 pertains to ICFR i.e., Internal Control over Financial Reporting. Under this standard, reporting is done over the controls of service organization over its end user’s financial reporting. This is classified under two categories Type 1 reporting & Type 2 reporting.

• Type 1 Report: Reporting focuses on the suitability of the design of controls of a financial organization and the related objectives on a specified date.
• Type 2 Report: Reporting focuses on the suitability of the effectiveness of controls of a financial organization to achieve the related objective throughout the specified period.

SOC 2

SOC 2 reporting is concerned for Service Organization’s Trust Services Criteria (TSC). It defines controls necessary at a service organization that are relevant to Security, Processing Integrity, Privacy, Availability etc.

TSC reporting is required to confer to the board category if controls that are necessary to adhere by the service organization’s systems in terms of security, availability, and processing integrity. SOC 2 reports are also classified under two categories namely:

• Type 1 Report: Reporting focuses on the suitability of the design of controls of a service organization and the related objectives on a specified date.
• Type 2 Report: Reporting focuses on the suitability of the effectiveness of controls of a service organization to achieve the related objective throughout the specified period.