What are SOC 1 and SOC 2?

SOC 1 and SOC 2 audits provide a way for service organizations to build trust and transparency through external verification of internal controls. Using AICPA established criteria, multidisciplinary teams composed of licensed CPAs and information technology and security specialists perform the audit and provide reports relevant to security, availability, processing integrity, confidentiality, and privacy.

At a high level, the difference between SOC 1 and SOC 2 is this: SOC 1 audits evaluate internal control over financial reporting. SOC 1 audits are typically conducted on financial services providers—accounting firms, banks, credit unions, financial management and advisory services. SOC 2 audits evaluate internal control over other types of data—data that does not influence financial reporting. SOC 2 audits are typically conducted on providers of other types of services—support services to health care, legal, finance, defense industries, as well as vendors to large tech corporations like Microsoft and Amazon.

Additionally, a SOC 3 general use report covers the same topics reported on in the SOC 2 report but at a less detailed and specific level, intended for a general audience.

ISOutsource is a SOC 2 Accredited IT Support Provider

Other managed services providers offer marketing claims about their commitment to security, system integrity, and operational efficiency, ISOutsource delivers proof.

Our SOC 3 report is available for download by requesting it below. Our SOC 2 report is available (subject to an NDA) to clients and prospective clients. It provides an attestation that our systems are robust and secure and that our policies and procedures are mature and efficient.

  • Assistance in determining which report is appropriate—SOC 1 vs SOC

     

  • SOC 1 and SOC 2 Compliance Checklist

     

  • Pre-Audit Evaluation, Planning, Remediation, and Documentation

     

  • SOC 1 and SOC 2 Audit Checklist

     

  • Liaison Between Your Executives and External IT Auditors

     

     

  • Remediation of Gaps Discovered in the Audit Process

     

Is your organization considering an AICPA SOC 1 or SOC 2 audit? Contact ISOutsource today to learn more about how we will help you prepare for and comply with the SOC 1 or SOC 1 requirements.
Request ISOutsource SOC2 Type3 Report.
Request ISOutsource SOC2 Type2 Report (requires a non-disclosure agreement).