SOC 1’s are intended to discuss the internal controls for financial reporting (ICFR). Think about it this way, if your service has an impact on the financial statements of your customers, then you will likely be looking at a SOC 1. But those financial related controls aren’t the only thing that might be in the report. You may find that you also need to report on some of the things you would find in a SOC 2, like security, confidentiality, etc. Those can be incorporated as well because, in SOC 1, you define the Control Objectives.
What is a SOC 1?
Does your service impact the financial statements of your customers?

Written by Mr. ByteChek
Updated over a week ago
Updated over a week ago