SOC 1 Certifications
In 2011, the American Institute of Certified Public Accountants (AICPA) codified SOC 1, which is based on standards designed to help service organizations analyze the various controls and systems put into place to safeguard data hosted for others. A SOC 1 report, previously known as a SAS 70 report, gives the company’s user entities limited assurance that financial information is being handled properly and securely.
The purpose is to provide important information to user entities about the service organization’s controls and the potential impact on the user entity’s financial statements. SOC 1 audits adhere to guidelines found in the Statement on Standards for Attestation Engagements No. 16 (SSAE 16). (Note: SSAE 16 has now been updated to SSAE 18.) A SOC 1 report is typically only used internally by the service organization’s management team, the user entity, or the entity’s auditors (both internal and external).
Who Needs a SOC 1 Report?
Businesses that may need a SOC 1 report include payroll processors, loan servicers, and medical claim processors.
Types of SOC 1 Reports
There are two types of SOC 1 reports that may be needed:
- SOC 1 Type 1 – This report, which only covers a specific period of time, addresses the effectiveness of internal controls over outsourced services provided to user entities. It reports on the fairness of management’s description of the service organization’s system and the suitability of design to achieve relevant objectives.
- SOC 1 Type 2 – This report covers a specific period, typically one year, and focuses on the design of internal controls along with operating effectiveness over time to help meet the objectives of outsourced services provided to user entities. It provides assurance that controls were designed and are operating properly to meet objectives regarding service delivery during the period under review. This report is more comprehensive and includes an opinion on the effectiveness of controls.
We’re Here to Help
JLK Rosenberger has significant experience providing SOC 1 reports to businesses in Los Angeles, Dallas, and across the country. A quality SOC 1 audit may reduce your organization’s IT risk profile. Whether this is your first SOC certification, or it is part of an ongoing program, our dedicated professionals stand ready to help.