SOC stands for Service Organization Controls, and are standards designed to assist service organizations imparting services to their clients and customers. It helps to build confidence and trust between the entities and the service provider.
SOC reporting are classified depending on their usage and service controls.
SOC 1 pertains to ICFR i.e., Internal Control over Financial Reporting. Under this standard, reporting is done over the controls of service organization over its end user’s financial reporting. This is classified under two categories Type 1 reporting & Type 2 reporting
SOC 2 reporting is concerned for Service Organization’s Trust Services Criteria (TSC). It defines controls necessary at a service organization that are relevant to Security, Processing Integrity, Privacy, Availability etc.
TSC reporting are required to confer to board category if controls that are necessary to adhere by the service organization’s systems in terms of security, availability, and processing integrity. SOC 2 reports are also classified under two categories namely:
SOC 3 reporting is done in line with SOC 2 reporting, with the only difference that SOC 3 reporting is meant for general use or for customers who need assurances regarding the necessary controls maintained and managed by the organization.
SOC 3 reports can be freely distributed while SOC 1 & SOC 2 reports are meant to be restricted in distribution.
QRC has been fore-runner in providing assessment and advisory services in Governance, Risk and Compliance. And as your compliance partner, will assist you in providing:
The assessment and certification approach is based on a defined SOCs metrics, and based on our findings, we would provide a compliance report for:
Free Security Check for upto 10 ips on first order
30% off from all standard rates on web application scans
Complimentary training programs from industry best trainers