SOC 1 report: Difference between revisions
From ACT Wiki
Jump to navigationJump to search
imported>Doug Williamson (Create page. Sources: The Treasurer Dec 18 / Jan 19, p25 & Techtarget webpage https://searchcloudsecurity.techtarget.com/definition/Soc-1-Service-Organization-Control-1) |
imported>Doug Williamson (Standardise to UK spelling for organisation.) |
||
| Line 1: | Line 1: | ||
''Information technology - standards.'' | ''Information technology - standards.'' | ||
A SOC 1 report covers Service | A SOC 1 report covers Service Organisation Controls. These are internal controls that are likely to be relevant to an audit of a service organisation's customer's financial statements. | ||
A SOC 1 report is written documentation of the internal controls | A SOC 1 report is written documentation of the relevant internal controls. | ||
SOC 1 is divided into Type 1 and Type 2 reports. | SOC 1 is divided into Type 1 and Type 2 reports. | ||
*A Type 1 reports on a service | *A Type 1 reports on a service organisation’s suitability of design of controls on a specific date | ||
*A Type 2 reports on the effectiveness of the control design over a period of time. | *A Type 2 reports on the effectiveness of the control design over a period of time. | ||
Revision as of 20:52, 3 February 2019
Information technology - standards.
A SOC 1 report covers Service Organisation Controls. These are internal controls that are likely to be relevant to an audit of a service organisation's customer's financial statements.
A SOC 1 report is written documentation of the relevant internal controls.
SOC 1 is divided into Type 1 and Type 2 reports.
- A Type 1 reports on a service organisation’s suitability of design of controls on a specific date
- A Type 2 reports on the effectiveness of the control design over a period of time.
