If you are new to SOC* reporting, you might be wondering about the different kinds of SOC* reports available. No matter if you are looking to receive a SOC* type 1 or SOC* type 2, there are two different versions of each report to consider.
Do I need a SOC 1®* or SOC 2®* report?
There are two different kinds of SOC* reports, but that is separate from the types of reports available. Both SOC 1®* and SOC 2®* reports can be completed as either a Type 1 or Type 2 report.
- A SOC 1®* report is necessary for service organizations that may impact the financial reporting of their clients (for instance, income reporting or a balance sheet).
- A SOC 2®* report is for service organizations that hold, store, or process their client’s sensitive information, but do not impact the finances of their clients.
SOC* Type 1 Report
A “Type 1” report analyzes management’s description of a service organization’s system and the suitability of the design of controls related to the applicable trust services criteria description as of a specified date.
A Type 1 report analyzes your systems at a specific point in time. Think of it like a snapshot of your systems, offering an overview on the procedures or controls your organization utilizes at a specific point in time.f
Describes Your System As a Whole
Assesses Your Organization's Internal Controls
Testing Occurs at a Specific Point in Time
SOC* Type 2 Report
A “Type 2” report analyzes management’s description of a service organization’s system and the suitability of the design and operating effectiveness of the controls related to the applicable trust services criteria throughout a specified period. This type of report offers assurance to your clients on how your systems are used day-to-day.
A Type 2 report usually offers a greater level of trust to your clients because they have more visibility into the way your systems are set up. When clients ask about the status of your SOC 2 compliance, they are usually looking for a SOC 2®* Type 2 report, as it provides evidence of the way your systems are being used over time.
Describes Your System As a Whole
Assesses Your Organization's Internal Controls
Testing Occurs Over a Period of Time During Which Your Controls Are Operational
Includes Detailed Descriptions of Your Assessor's Testing and the Results of Your Controls
Your SOC* Type 1 and Type 2 Compliance Partner
Auditwerx has been trusted by companies big and small with their SOC* readiness and assessment needs. We are ready to be your true partner for compliance and help you set your business on the path to success. If you are ready to get started on your SOC* compliance journey, contact us today.