Topic-icon What are the difference between SOC 1 and SOC 2?

2 weeks 4 days ago #3964 by Ronak-Patel-google

What are the differences between a SOC 1 and SOC 2? Which SOC report should I get?

Please Log in or Create an account to join the conversation.

2 weeks 4 days ago #3966 by AngelaWong

A SOC 1 report is designed to address internal controls over financial reporting while a SOC 2 report addresses a service organization's controls that are relevant to their operations and compliance. One or both could be right for your organization.
Do check the source link for more information.
Source: linfordco.com/blog/soc-1-vs-soc-2-audit-reports/

Please Log in or Create an account to join the conversation.

1 week 3 days ago #3968 by Travis-Liska-google

SOC 1: The user organization’s internal control over financial reporting.
Relevant for:- Focuses on financial reporting risks, so it is most relevant for outsourced financial processing or support.

SOC 2: The user organization’s information security, availability, processing integrity, confidentiality and/or privacy.
Relevant for:- Relevant for: Range of outsourced IT systems and services. Principles chosen for audit depend on the type of services offered.

For more information read very good article on Which report do you need SOC 1 or SOC 2?: www.vistainfosec.com/blog/soc-1-vs-soc-2-report/

Please Log in or Create an account to join the conversation.