Difference between SOC 1 and SOC 2

A question we are always asked is: "What is the difference between SOC 1 and SOC 2?" Is it the same as a SOX audit? Are SOC 1 and SSAE the same? The confusion is endless.

On this page, we want to clarify the difference between SOC 1 and SOC 2.

SOC 1 audits (also known as SSAE 16 audits) are primarily geared towards providing comfort to the user auditor that the internal controls related to financial reporting are adequate. The controls are more financial and less operational.

SOC 2 audits, also part of the SSAE work, are on the other hand all about operational controls. There are five principles that form the backbone of SSAE 16 (SOC 2 engagements).

• Security – The system is protected against unauthorized access (both physical and logical).
• Availability – The system is available for operation and use as committed or agreed upon.
• Processing Integrity – System processing is complete, accurate, timely, and authorized.
• Confidentiality – Information designated as confidential is protected as committed or agreed upon.
• Privacy – Personal information is collected, used, retained, disclosed, and/or destroyed in accordance with established standards.

So, if your customers are concerned that you may not have an environment where their information is secure or can be processed in a confidential manner, you are a good candidate for SOC 2 audits.

Of course, if you are still figuring out what all this means, a two-word email to manoj.jain@riskpro.in (Subject "Contact Me") will solve all your worries.
