SOC 1, like SOC 2, is derived from the System and Organization Controls (SOC) requirements defined by the American Institute of Certified Public Accountants (AICPA). Those requirements define the controls, or policies, procedures, and processes an organization uses to achieve and sustain compliance with sets of SOC recommendations.
SOC 1 audits typically focus on the internal controls relevant to a service organization’s financial reporting. Companies often pursue SOC 1 compliance as a first step toward SOC 2 compliance. SOC 2 audits and reports focus more on a company’s cybersecurity, information system, and critical data protection policies.
There are two types of SOC 1 audits. A Type 1 audit reports on the financial controls and control objectives at a business as of a specific date. A Type 2 audit reports on the same information, but focuses on a specific period of time, often but not necessarily six or 12 months. Unlike SOC 2 reports SOC 1 reports are not meant to be shared beyond your company and your auditor.
Trustero Compliance as a Service (CaaS) is cloud-based, easy-to-use compliance automation software. It is designed to simplify SOC 2 audit readiness and enable continuous compliance. It also has features that can aid SOC 1 compliance and reporting.
For example, the Trustero platform includes auditor-approved controls and auditor-vetted policy templates. In addition, it performs automated evidence gathering and validity testing. And it provides AI-powered recommendations for manual evidence gathering and testing. Trustero CaaS also integrates with leading Software as a Service (SaaS) tools and platforms. These features help make SOC 2 audits and creation of other SOC reports easier and faster, for you and your auditor.
The Trustero solution constantly monitors your technology infrastructure and can notify administrators when an element falls out of SOC 2 compliance. In addition, Trustero Compliance as a Service reports on your compliance posture, regularly and on demand. These and other features help you achieve and sustain continuous compliance with SOC 2. They also help you and your auditor meet all of your SOC auditing and reporting needs.