Difference between SOC 1 and SOC 2

A question we are asked all the time is: "What is the difference between SOC 1 and SOC 2?" Is it the same as a SOX audit? Are SOC 1 and SSAE the same? The confusion is endless.

On this page, we want to clarify the difference between SOC 1 and SOC 2.

SOC 1 audits (also known as SSAE 16 audits) are primarily geared towards giving the user auditor comfort that the internal controls related to financial reporting are adequate. The controls are more financial and less operational.

SOC 2 audits, also part of the SSAE work, are on the other hand all about operational controls. There are five principles that form the backbone of SSAE 16 (SOC 2 engagements).

• Security – The system is protected against unauthorized access (both physical and logical).
• Availability – The system is available for operation and use as committed or agreed upon.
• Processing Integrity – System processing is complete, accurate, timely, and authorized.
• Confidentiality – Information designated as confidential is protected as committed or agreed upon.
• Privacy – Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.

So, if your customers are concerned that you may not have an environment where their information is secure or can be processed in a confidential manner, you are a good candidate for SOC 2 audits.

Of course, if you are still figuring out what all this means, a two-word email to manoj.jain@riskpro.in (Subject "Contact Me") will solve all your worries.