The various Service Organization Control (SOC) Reports

  • SOC 1 Report ( same as SAS 70 type 1 and 2) :  In SOC 1 controls are self-defined , No certification seal is offered.SOC 1 utilizes the AICPA SSAE 18 Attestation Standard (AT) 801 professional standard for issuing such reports. SOC 1 is generally geared towards service organizations with internal controls relating to financial reporting. 
  • SOC 2 Report – Trust Services Report: This report is technical, and distribution restricted to only management-Standardized control. SOC 2 uses AT 101 professional standard. SOC 2 is for technology-oriented service organizations -Cloud Service Provider.
  • SOC 3 Report – Trust Services Report: This report is not technical. Because they are general use reports, SOC 3 reports can be freely distributed or posted on a website- Standardized control-Certification seal

Main Page:

Check the SSAE folder on your USB for the SSAE 18 Test Plan and more Information on the principle and criteria

error: Content is protected !!