Difference between SOC 1 and SOC 2

A common question we are always asked is: "What is the difference between SOC 1 and SOC 2?" Is it the same as a SOX audit? Are SOC 1 and SSAE the same? The confusion is endless.

On this page, we want to clarify the difference between SOC 1 and SOC 2.

SOC 1 audits (also known as SSAE 16 audits) are primarily geared towards giving the user auditor comfort that the internal controls related to financial reporting are adequate. The controls are more financial and less operational.

SOC 2 audits, also part of the SSAE work, are on the other hand all about operational controls. There are five principles that form the backbone of SSAE 16 (SOC 2 engagements).

• Security – The system is protected against unauthorized access (both physical and logical).
• Availability – The system is available for operation and use as committed or agreed upon.
• Processing Integrity – System processing is complete, accurate, timely, and authorized.
• Confidentiality – Information designated as confidential is protected as committed or agreed upon.
• Privacy – Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.

So, if your customers are concerned that you may not have an environment where their information is secure or can be processed in a confidential manner, you are a good candidate for SOC 2 audits.

Of course, if you are still figuring out what all this means, a two-word email to manoj.jain@riskpro.in (Subject "Contact Me") will solve all your worries.
