SOC 1 is an acronym for Service Organization Control 1 which is a report documenting the internal controls that are considered relevant to the audit of a customer’s financial statements.

 There are two types of SOC 1 reports, namely:

  • SOC 1 Type 1 – this type of report presents how fair the management’s description of the system falling under the service organization is. It also accounts for the suitability of the controls’ design that helps achieve the related objectives specified under a specific date in the description.
  • SOC 2 Type 2 – this type of report showcases the fairness of the presentation in the description of the service organization’s system. It holds the information on the suitability of the design and effectiveness of the operating controls that are aimed towards achieving control objectives included in the description throughout a specified period.

 The usage of these reports is limited to your company, your auditors, and your customers. If you want a public-shareable report, you may want to develop a SOC 3.


See Scrut in action!