What is SOC?
Developed by the AICPA (American Institute of
Certified Public Accountants), SOC refers to an assessment and reporting
service designed to ensure the responsible management of consumer data. The
service involves an independent evaluation of an organization’s overall
security and effectiveness, measured against extensive criteria.
SOC 1 and SOC 2
Businesses
look at SOC reports to determine the level of trust and confidence in their
service providers. Whereas SOC 1 focuses on financial reporting controls, SOC 2
is based on how securely a company handles sensitive data in its entirety, from
people and processes to infrastructure and software.
Two Audit Types
There are two types of SOC audits, aptly named type 1 and type 2. A type 1 report indicates a company’s status at the time of the audit, providing a virtual snapshot of the organizational controls as of a specific date. Type 2 audits observe ongoing security controls – usually requiring six months to a year of intense examination, monitoring, and analysis – to provide even more assurance of an organization’s ability to maintain compliance over time.
Value
Offering
an independent gauge of trust and transparency, SOC audits play an important
role in vendor management, internal corporate governance, risk management
processes, and regulatory oversight. SOC 1 Type 2 and SOC 2 Type 2 reports
demonstrate financial reporting precision and effective information security
controls, both of which are critical when choosing a payments provider.
Learn more about One Inc
security and compliance certifications here.
Check out
our special offer: 2 SOCs are better than one!