Difference between SOC1 and SOC 2

A common question we are always asked is...."What is the different between SOC 1 and SOC2". Is it the same as Sox Audit. Is SOC 1 and SSAE the same. The confusion is endless.

On this page, we want to clarify the difference between SOC1 and SOC2.

SOC 1 audits (Also known as SSAE 16 audits) are primarily geared towards providing comfort to user auditor that there are adequate internal controls to ensure that the financial reporting related controls are adequate. The controls are more financial and less operational.

SOC2 audits, also part of the SSAE work, on the other hand are all about operatoinal controls. There are five principles that form the backbone of SSAE 16 (SOC 2 engagements).

• Security – The system is protected against unauthorized access (both physical and logical).
• Availability –The system is available for operation and use as committed or agreed upon.
• Processing Integrity – System processing is complete, accurate, timely, and authorized.
• Confidentiality –Information designated as confidential is protected as committed or agreed upon.
• Privacy –Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.

So, if your customers are concerned that you may not have an environment where there information is secure or can be processed in a confidential manner, you are a good candidate for SOC 2 audits.

Ofcourse, if you are still figuring out what all this means, a two words email at manoj.jain@riskpro.in (Subject "Contact Me") will solve all your worries.

Other Services of Interest

  • Sox Training

    Our sox training covers the following points. 1. What is SOX? 2. The Act and its Sponsorors. 3. The background for bringing in this act. 4. Major Sections in the Act 5. Section 404 overview 6...
  • EUC Risks : Manage Spreadsheet risks - Riskpro India

    EVENT OVERVIEW Uncontrolled and untested spreadsheet models pose significant business risks. These risks include: lost revenue and profits; mispricing and poor decision making due to prevalent but...
  • 1 Day AML Training by Riskpro India - Mumbai

    Training event in Bangalore on Anti Money Laundering (AML) and KYC “Are we doing enough to protect integrity of Indian financial sector?” Banks face growing costs to comply with AML requirements...
  • Risk Management Software - Riskpro India's solution for Automating Risk Management

    Riskpro India finally offers small and mid enterprises a risk management tool that helps them to manage risks effectively. To request a 30 days trial, please contact info@riskpro.in Why is Risk...
  • Riskpro's Service Verticals

    In today's world, risks are not few. An enterprise faces various risks and challenges and is subject to uncertainties and negative impacts from these risks. Managing risks is your key to untapped...
  • Privacy and Data Protection Services - General Data Protection Regulation (GDPR)

    The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. Riskpro India now offers Indian companies Data Protection assessments, GDPR...
  • Reduce your GDPR implementation Costs - Hire GDPR Experts in India

    Reduce cost for GDPR Compliance - Remote Consulting from India GDPR readiness assessment and implementation can be costly. And time is short. Instead of paying premium fees to local GDPR consultants...
  • Riskpro India on top of Emerging Risks that bother you

    Riskpro India is well positioned to offer advisory services for emerging risks such as Data Protection (GDPR), information security, assurance services such as Third party risk management, internal...
  • Assurance Services

    In Riskpro we believe that Internal audit function has to align its activities with business activities of any organisation to achieve its objectives. IA can be of significant value if it maintains...
  • Go to top