Image

Service Organization Control (SOC) 1


The SOC 1 (SSAE18) report, developed by the American Institute of CPAs (AICPA), addresses Internal Control over Financial Reporting (ICFR), in accordance with Statement on Standards for Attestation Engagements 18. If your organization’s service has a potential impact on your customers’ internal controls over financial reporting (ICFR), you should have a SOC 1 report.

Some examples of organizations who need SOC 1 reports include payroll processors, medical claims processors, loan service companies, data center companies and software-as-a-service (SaaS) companies that may impact the financials of their customers entities. For example, a university that uses a payroll processing company understands the material impact of payroll on their financial statement and thus would seek some independent assurance that their payroll is being handled according to their expectations.

Further, there are two types of SOC 1 reports available. The Type 1 report offers an opinion of your auditor that your system is designed suitably to achieve the related control objectives included in the description as of a specified date. The Type 2 report contains all the same information of Type 1 but focuses on testing the controls to prove their effectiveness over a specific time period.

Impacted Industries

  • Technology
  • Software as a Service (SaaS)
  • Data Centers and Co-location Facilities
  • Healthcare
  • Banking and Financial Services


The SOC 1 (SSAE18) report, developed by the American Institute of CPAs (AICPA), addresses Internal Control over Financial Reporting (ICFR), in accordance with Statement on Standards for Attestation Engagements 18. If your organization’s service has a potential impact on your customers’ internal controls over financial reporting (ICFR), you should have a SOC 1 report.

Some examples of organizations who need SOC 1 reports include payroll processors, medical claims processors, loan service companies, data center companies and software-as-a-service (SaaS) companies that may impact the financials of their customers entities. For example, a university that uses a payroll processing company understands the material impact of payroll on their financial statement and thus would seek some independent assurance that their payroll is being handled according to their expectations.

Further, there are two types of SOC 1 reports available. The Type 1 report offers an opinion of your auditor that your system is designed suitably to achieve the related control objectives included in the description as of a specified date. The Type 2 report contains all the same information of Type 1 but focuses on testing the controls to prove their effectiveness over a specific time period.


Impacted Industries

  • Technology
  • Software as a Service (SaaS)
  • Data Centers and Co-location Facilities
  • Healthcare
  • Banking and Financial Services

Hyperproof Makes SOC 1 Compliance Simple

  • Starter controls for SOC 1

  • Ability to map a control to multiple regulatory standards. Reduce time to compliance for all regulations that matter to your business

  • Get notified when SOC 1 requirements change

  • Re-use evidence across multiple frameworks and controls

  • Quickly collect evidence to document your efforts to pass audits with ease

  • Pinpoint & prioritize your critical work stream

  • SOC 1 Type 1 and Type 2 reports supported

  • Starter controls for SOC 1

  • Ability to map a control to multiple regulatory standards. Reduce time to compliance for all regulations that matter to your business

  • Get notified when SOC 1 requirements change

  • Re-use evidence across multiple frameworks and controls

  • Quickly collect evidence to document your efforts to pass audits with ease

  • Pinpoint & prioritize your critical work stream

  • SOC 1 Type 1 and Type 2 reports supported


Image

Get the latest on Hyperproof

Sign up today for early access to Hyperproof, product information, and other unique opportunities.

Get the latest on Hyperproof

Sign up today for early access to Hyperproof, product information, and other unique opportunities.