SOC 1 Reports Type 1 & Type 2
TYPE 1 REPORTS
Type 1 reports focus on the effectiveness of policies and procedures in place at a service organization at a specified point in time and (1), confirm that controls are actively in place, (2), measure the effectiveness of the controls, and (3), assess how fairly the service organization's management has presented the controls to you.
TYPE 2 REPORTS
Type 2 reports cover policies and procedures currently in operation and test their effectiveness over a period of time. These reports include everything from the Type 1 report (examination and confirmation of controls in place) plus an analysis of the operating effectiveness of controls over a specified period of at least six consecutive months. Type 2 reports are favored by many user organizations for their thoroughness.
SOC 2 Reports
SOC 2 reports outline the controls in place at your service organization and analyze their:
availability of information
SOC 2 reports provide evidence for your customers and other stakeholders that effective controls are in place which meet worldwide security concerns.
SOC 2 reports are intended for a wider range of audiences than SOC 1 reports, but are not available to the general public. Their availability is restricted to those who have a demonstrated need for the information contained therein, and these reports are often a component of regulatory oversight, vendor management programs, and internal corporate governance.
SOC 2 engagements also include the option of Type 1 and Type 2 reports, as described above.
SOC 3 Reports
SOC 3 reports, also known as Trust Services Reports, are more general and are intended for a broader audience than the other reporting options. They’re designed for anyone interested in a CPA's opinion about the availability, security, and processing integrity of controls at a service organization. SOC 3 Reports are often used for marketing purposes, distributed online, or posted on a service organization's website to prove that they have controls in place to manage risks associated with outsourcing services.