If you’re ready to learn about SOC 1 IT General Controls, you are in the right place! SOC reporting doesn’t have to be a mystery. Let’s break down what these controls are and how they relate to your business.
What is a SOC 1 Report?
To analyze SOC 1 IT General Controls, it is important to first understand what a SOC 1 report is. A SOC 1 (Systems and Organization Control) report examines the internal controls your organization has in place with regard to systems that could impact your clients’ financial reporting. A SOC 1 examination is meant to provide a third-party opinion on the internal controls you have in place and how they may impact your clients.
SOC 1 IT General Controls
The IT General Controls are only one part of a SOC 1 assessment. IT general controls analyzed by a SOC 1 report typically include, but are not limited to:
- Control Environment & Risk Assessment – controls around organization structure; policies and acknowledgements; employee background checks; management meetings/risk assessment
- Physical Access – controls around physical access (understanding if servers are onsite or if third-party data centers are used)
- Logical Access & Security – controls around logical access granted, modified, and removed, as well as privileged access; passwords; websites; infrastructure (firewalls, SFTP, VPN, AV)
- System Monitoring – controls around monitoring software and subservice organization monitoring, if applicable
- System Change Management – controls around the process for internally developed software (authorization, testing, approval, segregation of duties, source code); patching; infrastructure changes
- Backup and Recovery – controls around the backup process (configurations, alerts, logs)
Choose Auditwerx for SOC 1
When it comes to SOC 1, Auditwerx has the expertise you need to succeed. Our team of knowledgeable IT auditors has completed over 2,500 compliance audits since 2005. If you are ready to discuss your compliance needs, contact us today.