SOC 1 examinations for controls that impact financial reporting.

Designed for service organizations whose controls affect customers' financial statements and ICFR expectations.

Request a Proposal

Who requests SOC 1?

If you're a fintech, payment processor, or platform that handles financial transactions on behalf of customers, SOC 1 is likely what your customers' auditors are asking for. It covers fintech platforms, payment infrastructure providers, financial data processors, and similar service organizations whose controls are relevant to their customers' internal controls over financial reporting (ICFR).

Type I vs. Type II

Like SOC 2, a SOC 1 examination is available as Type I (design/implementation at a point in time) or Type II (design and operating effectiveness over a period). Type II is the standard expectation for mature engagements.

What the report covers

  • Description of the service organization's system
  • Controls relevant to customers' financial reporting
  • Tests of controls and results
  • Auditor's opinion on control effectiveness