Governed by the AICPA (American Institute of Certified Public Accountants) standards, SOC (Service Organization Control) 1 reports allow your clients to be assured that the appropriate controls are in place in your environment that are relevant to your clients’ controls over financial reporting.
Previously, SAS 70 (Statement of Attestation Standards) was used to provide evidence that an organization had operational controls in place with regard to the financial reporting of their customers. However, as of 2011, SOC 1 / SSAE 16 (Standards of Attestation Engagements) superseded SAS 70.
As of May 1, 2017, any report opinion on or after that date will be issued under the SSAE 18 standard.
Remember that two types of SOC 1 reports exist:
Many times, clients call Type I the policies documentation and Type II the testing phase. Although this is accurate, Type I is more than that as several other audit artifacts are required outside of policies and procedures (e.g. Risk Assessment, Pen Testing etc.). Elevate helps you navigate through the difference and determine what is the best approach to achieve compliance.