SOC Certification Service

Soc is designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report.
Types of soc compliance
soc 1 (soc for service organizations icfr): report on controls of a service organization relevant to user entities’ internal control over financial reporting (icfr).
Soc 2 (soc for service organizations, trust services criteria): report on controls of a service organization relevant to security, availability, processing integrity, confidentiality and privacy.
Soc 3 (soc for service organizations trust services criteria for general use report): these reports are designed to meet the needs of users who need assurance about the controls of a service organization.
Soc for cyber security (new): a reporting framework for communicating information about the effectiveness of cybersecurity risk management program to a broad range of stakeholders.
Soc for vendor supply chain (under development): an internal controls report on a vendor’s manufacturing process for customers of manufacturers and distributors to better understand the security risks in their supply chains.
Soc assurance reporting
type 1 (point in time) reports cover the suitability of the design of controls as of a point in time. The type I report is a snapshot in time.
Type 2 (period of time) cover the suitability of design and operating effectiveness of controls over a period of time, typically 6 or 12 months.