SOC1 report (issued under SSAE18 (supersedes SSAE16 and SAS70).
A SOC1 Report (Service Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting.
The SOC1 Report is what was previously considered to be the standard SAS70 (or SSAE 16), complete with a Type I and Type II reports, but falls under the SSAE 18 guidance (as of May 1, 2017).
Type 1 Audit is a point in time financial audit. Type 2 covers a period of time certifying that the controls have been operated over a period of time.
SOC 1 is generally used for Financial Reporting. However a Soc1 report can also be issued for
- SDLC Process
- Change Management
- Ticketing
- Version Management
- General IT Controls
- Data Centre Controls
The report format for Soc1 is based on the controls specified for reporting by the organisation
Qadit can help you with the control definition and process listing for SOC1 reports.