What is a SOC 1?
SOC 1 is an attestation report on your internal controls over financial reporting (ICFR) & governed by the AICPA.
Is this your first SOC 1 audit?
Start with our auditor- proven audit preparation services!
We will identify your risks & control gaps, present recommendations, provide audit tips & tricks, and remediate your issues prior to your SOC 1 audit.
SOC 1 Partnership Benefits
- Financial & IT transparency & alignment.
- Protects your customers’ and partners’ financial data.
- Prevents massive fines from governing bodies like SEC.
- Builds trust with investors, customers & executives.
Frequently Asked Questions
Is SOC 1 required?
No- however, customers or investors typically request to prove your financial data is protected and secured.
Can SAM help with audit preparation?
Yes! In fact, we can create the entire report & control objectives to ship off to an audit partner for you.
What is the difference between Type 1 and Type 2?
Type 1 is the design of your security program with proven policies and a sample of 1.
Type 2 is over a period of time (goal is to audit 1 year of data) with sample based testing that proves your policies and controls are in place.
How often do I need a SOC 1 audit?
Every year.
Does SOC 1 overlap with over compliance?
Yes! All the IT processes & company wide controls such as HR, will overlap with SOC 2, ISO, PCI, HIPAA.
Do I need Type 1 or Type 2?
It depends on the client requirement and contract terms. Typically, if it is your first audit, Type 1 will be accepted for the first year. Your goal is Type 2 which the observation starts immediately after the Type 1 issuance.