SOC examinations, commonly called SOC audits, provide your clients with the internal control and security assurances they need to rely on your service. Although other types are available, SOC 1 and SOC 2 are the most common.
A SOC 1 audit provides assurances over your internal control practices that relate to your services. Most commonly, SOC 1 audits relate to internal controls over financial reporting, for example, a payroll provider or a health insurance claims administrator. SOC 1 audits can, however, address other types of internal controls as well.
A SOC 2 audit provides assurances over your organization’s internal controls over security and, if required, availability, confidentiality, processing integrity, and privacy. SOC 2 audit reports are commonly requested if your clients are relying on you to safeguard their data. Software-as-a-service companies and datacenters are commonly asked to provide SOC 2 reports.
