The SOC was developed by the American Institute of CPAs (AICPA). It defines the criteria for managing customer data based on five “trust principles”:
- security
- availability
- confidentiality
- processing integrity
- privacy
Report SOC 1®
- Submitting reports on inspections in the service organization
- Relevant to the internal control of user entities
- Financial reporting
It corresponds to the needs of the user entities’ management. The auditors assess the effect of the service organization by checking the assertions of the entity’s accounting unit. These reports are an important part of user entities’ evaluation of their internal controls over financial reporting for compliance with laws and regulations and for the user entity’s auditors who plan and conduct financial audits.
Report SOC 2®
The SOC 2 Type 1 report is particularly useful for service companies because it can increase their competitive advantage. It provides potential customers with the assurance that the service organization has passed the audit process outlined above and that their data is secure when working with a company that is compliant with SOC 2.
As the number of cybercrime cases increases, there is a concomitant increase in customer demand for SOC 2 Type 1 reporting. Companies now want to work with vendors who can demonstrate that they handle sensitive data well. This report is now considered a necessity for companies that handle customer data, such as healthcare companies and financial institutions.
Generating a SOC 2 Type 1 report is also quick once the service unit completes the readiness assessment. Clients usually look for this report when shopping for a third-party supplier, especially since the SOC 2 Type 2 report can take up to a year to complete.
What’s more, the audit for this report is generally cheaper because auditors require minimal data to determine the service organization’s position in terms of compliance with regulations. Likewise, it is not necessary to involve staff or provide as much documentation as would be required when submitting a Type 2 report.
Service organizations should strive to adhere to SOC 2 Type 1, especially when attempting to form a partnership with larger companies that are particularly vigilant. There is a greater likelihood of larger companies working with service entities that have a SOC 2 Type 1 report prepared by a reputable auditor. To put it briefly, adhering to this audit procedure gives the service provider a competitive advantage.