Soc Report

ISAE 3402 is an international standard provides guidance on the preparation of assurance reports for controls environments at service organisations. ISAE3402 reports are often used by technology companies, such as cloud and SaaS providers, as well as other business process outsourcing firms, to demonstrate to their customers that they have well-managed operations. The more widely recognised acronym for this type of report is ‘SOC’, originally standing for ‘Service Organisation Controls or, more recently, System and Organisational Controls. ...

What is a SOC2 report A SOC2 (System and Organization Controls) report assesses a service organisation’s control environment. Type 1 vs Type 2 report A Type 1 SOC2 report evaluates the design of controls at a specific point in time. A Type 2 SOC2 report assesses both the design and operating effectiveness of controls over a defined period, typically 12 months. Further reading Related pages ISAE 3402