The American Institute of CPAs is the world’s largest member association representing the accounting profession, with more than 431,000 members. The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments.

A Service Organization Control 1, or SOC 1 engagement, is an audit of the internal controls at a service organization which have been implemented to protect client data.

SOC 2 Audit Reports are required If you are hosting or processing other types of information for your clients that does not impact their financial reporting.

Customer Benefits

What value does it add?
Adds accountability at the service organization
The management of the service organization can’t hide behind the service auditors report
Adds transparency to the system in question
How many times have you read a SAS 70 and still had no idea what the system did?
Gives additional comfort to the user entity that senior management at the service organization is involved

What does it not do?
It does not shift responsibility to the service organization
User entities are ultimately responsible for the systems they use, whether they are deployed and managed in-house or outsourced
It should not be considered a vehicle that transfers risk.


SOC 1 certification
SOC 2 certification


Awareness Training SOC 1
Awareness Training SOC 2