How secure is your IT security solution vendor?

A SOC 1 (also known as an SSAE 18) examination looks at the internal processes and controls an organisation uses to handle clients’ financial information. Certified public accountants can create a SOC 1 report that presents the information you need in a clear and concise manner.

The goal of a SOC 1 report is to provide an independent third-party opinion of the internal controls that may affect a user entity’s financial reporting. The report is designed to provide comfort to the organisation’s users and the users’ auditors regarding the controls in place at the organisation.

Organisations need a SOC 1 report to ensure that the internal controls over significant business processes prevent risks in their financial statements. SOC 1 reports are required by external auditors to satisfy compliance requirements.  The SOC 1 report contains details about tests performed on transactions and accounts applicable to their financial reporting, such as: Payables and receivables; Payroll and benefits; Loan and payment processing

There are two types of SOC 1 reports.

SOC 1 Type 1 asserts:

• the external service provider has accurately described a system
• that the described controls are in place
• that the controls as described should achieve your financial control objectives

SOC 1 Type 2 goes a step further to verify:

• that the controls did indeed function as described during a specified period
• describes the tests your accountant performed to make that determination
• and the results of those tests

The SOC 1 (SSAE 18) report, which provides assurance to auditing personnel about the integrity of your system’s controls, replaced the SSAE 16 standard in 2017.