Skip to content
Contact an Expert

SOC 1 Audit Reports

Prepared in accordance with Statement on Standards for Attestation Engagements (SSAE).

SOC 1

A SOC 1 report is a type of reporting framework designed by the American Institute of Certified Public Accountants (AICPA). The SOC 1 report provides assurance to user entities (typically clients of service organizations) and their auditors regarding the effectiveness of the service organization's controls relevant to financial reporting.

This report is based on the Statement on Standards for Attestation Engagements (SSAE) No. 18, which outlines the requirements and guidance for conducting SOC 1 engagements.

SOC 1 reports primarily focus on business processes and IT general computer controls which may impact internal regulation over financial reporting. SOC 1 reports are restricted use reports, which mean use of the reports is restricted to:

  • Management of the service organization (the company who has the SOC 1 audit performed)
  • User entities of the service organization (service organization’s clients)
  • The user entities’ financial auditors (user auditor)
SOC Cliff Notes_Cover

Download our "Cliff Notes" for a Better Understanding of SOC 1, SOC 2, and SOC 3 today.

SOC 1 reports contain two types:

Type 1
This report evaluates the design and implementation of controls at a service organization as of a specific date. It assesses whether the controls are suitably designed to achieve the objectives specified.

Type 2
This report covers the same aspects as the Type I report but also includes an evaluation of the operating effectiveness of the controls over a specified period. It provides assurance on the implementation and effectiveness of the controls.

SOC 1 vs. SOC 2

Learn about the differences between a SOC 1 audit and a SOC 2 audit below.

Learn More