What is a SOC Audit?

Published March 25, 2019

SOC 1 audits focus on controls that affect financial statements. The auditor must comply with the SSAE 18 attestation standard. The auditor must also comply with AT-C section 320 “Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting” and the AICPA Guide, “Service Organizations: Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting (SOC 1).”

SOC 2 audits focus on controls surrounding information security, availability, processing integrity, confidentiality, and privacy. This report also requires SSAE 18 attestation standards, and the auditor must follow AT-C section 105 and AT-C section 205. Additionally, the audit follows the AICPA Guide, “SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy,” and TSP section 100, “2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality or Privacy.”

To learn more about SOC audits, check out our SOC 2 guide.
