New Delhi | Mumbai | Bengaluru | California

SOC 1 and SOC 2 Reporting

SOC 1 and SOC 2 Reporting

Based on COSO's 5 principles, A SOC Report is made.

The 2013 Framework focuses on five integrated components of internal control


Control environment


Set of standards, processes, and structures that provide the basis for carrying out internal

control across the organization.


Risk assessment

Forms the basis for determining how risks will be managed.


Control activities

Actions that help management mitigate risks.


Information and communication

Used to disseminate important information throughout and outside of the organization.


Monitoring activities

Periodic or ongoing evaluations to verify that each of the five components of internal

controls are present and functioning.

What is SOC Compliance?

A service organization controls (SOC) report is a way to verify that an organization is following some specific best practices before you outsource a business function to that organization.

SOC 1: It evaluates service organization controls that are applicable to a user entity’s internal control over financial reporting only.


SOC 2: An auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.


SOC 3: They are general use reports that can be distributed freely or posted to the public on an organization’s website.

SOC 1 vs SOC 2 vs SOC 3