Information technology - standards.

A SOC 1 report covers Service Organisation Controls. These are internal controls that are likely to be relevant to an audit of a service organisation's customer's financial statements.

A SOC 1 report is written documentation of the relevant internal controls.

SOC 1 is divided into Type 1 and Type 2 reports.

• A Type 1 reports on a service organisation’s suitability of design of controls on a specific date
• A Type 2 reports on the effectiveness of the control design over a period of time.

See also

• Cloud computing
• Information security management system
• Internal control
• ISO 27001
• Risk management
• Security
• SOC 2 report