Compliance and Security Audits: SOC 1 - Type I and Type II Assessments

We develop SOC 1 Type 1 (Type I) and Type 2 (Type II) reports.

A SOC 1 Report (Service Organization Controls Report) is a report on controls at a service organization which are relevant to user entities’ internal control over financial reporting.

• Type 1 reports are as of a particular date (sometimes referred to as point-in-time reports) that includes a description of a service organization’s system as well as tests to help determine whether a service organization’s controls are designed appropriately. Type 1 reports test the design of a service organization’s controls, but not the operating effectiveness.
• Type 2 reports cover a period of time (usually 12 months), include a description of the service organization’s system, and test the design and operating effectiveness of key internal controls over a period of time.