SOC (System and Organization Controls) reports are a series of reports created by the American Institute of Certified Public Accountants (AICPA) that evaluate an organization's internal control systems related to financial reporting, IT security, and other areas that are critical to the integrity and security of an organization's operations.
There are three main types of SOC reports:
SOC 1 Report: This report focuses on the internal controls related to financial reporting. It is commonly used by organizations that provide outsourced services that impact the financial statements of their customers, such as payroll processing or investment management services.
SOC 2 Report: This report focuses on the controls related to security, availability, processing integrity, confidentiality, and privacy of information in a system. It is used by organizations that want to demonstrate to their customers that they have effective controls in place to protect their data.
SOC 3 Report: This report is a general-use report that provides a summary of the organization's SOC 2 report, without a detailed description of tests and results.
SOC reports are typically conducted by independent auditors who evaluate the effectiveness of the organization's controls and issue a report that provides assurances to the organization's customers and stakeholders about the strength of its internal controls. The reports are often used by customers, business partners, and regulatory agencies to assess the risk associated with an organization's operations and services.
Germany
Greek
Spanish
France
Turkish
Italian
Russian
Portuguese (Brazil)
Dutch