Service Organization Controls (SOC) Report
Types of SERVICE ORGANIZATION CONTROL REPORTSSM
SOC 1 Reports on Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting: SOC 1SM reports are examination engagements performed by a service auditor (CPA) in accordance with Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization to report on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements. Use of a SOC 1SM report is restricted to existing user entities (not potential customers) and their auditors.
(i) Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.