SOC 1, SOC 2 | Compliance
What are SOC 1 and SOC 2?
SOC 1 and SOC 2 audits provide a way for service organizations to build trust and transparency through external verification of internal controls. Using AICPA established criteria, multidisciplinary teams composed of licensed CPAs and information technology and security specialists perform the audit and provide reports relevant to security, availability, processing integrity, confidentiality, and privacy.
At a high level, the difference between SOC 1 and SOC 2 is this: SOC 1 audits evaluate internal control over financial reporting. SOC 1 audits are typically conducted on financial services providers—accounting firms, banks, credit unions, financial management and advisory services. SOC 2 audits evaluate internal control over other types of data—data that does not influence financial reporting. SOC 2 audits are typically conducted on providers of other types of services—support services to health care, legal, finance, defense industries, as well as vendors to large tech corporations like Microsoft and Amazon.
Additionally, a SOC 3 general use report covers the same topics reported on in the SOC 2 report but at a less detailed and specific level, intended for a general audience.
ISOutsource is a SOC 2 Accredited IT Support Provider
Other managed services providers offer marketing claims about their commitment to security, system integrity, and operational efficiency, ISOutsource delivers proof.
Our SOC 3 report is available for download by requesting it below. Our SOC 2 report is available (subject to an NDA) to clients and prospective clients. It provides an attestation that our systems are robust and secure and that our policies and procedures are mature and efficient.