About This Resource
What is a SOC Report? There are actually three types of SOC reports; SOC 1, SOC 2, and SOC 3. The first of the SOC reports, SOC 1, provides a formal audit of a company’s self‐imposed controls for financial transactions.
The shortfall with SOC 1 is that the relevance of the audit solely depends on the controls formulated and included by the service provider and the credibility of the auditor. With the emergence of new technology services and cloud computing entities, the need was recognized to protect against the over‐application of SOC 1 by standardizing the adherence to the industry standard Trust Services Principles, Security, Availability, Processing Integrity, Confidentiality and Privacy.
In recent years SOC 2 Type 2 has become the industry best practice for ensuring security of highly sensitive cloud‐hosted data. SOC 2 significantly expands on SOC 1 but may not be cost-effective for smaller organizations who are unable to readily meet the demands of the five Trust Services Principles and an in‐depth audit of their security protocols.
You May Also Like...
SOC3 Overview
What is a SOC Report? Why the need for a SOC report? Which report should I require? Find out these answers and more.
Download Now
Data Security In a Zero-Trust Environment
Regardless of the security measures put in place, careless sharing of passwords or simply being unaware of threats can negate best efforts.
Security Overview
Learn about TCP's security framework based on industry best practices and widely adopted security principles.
Benefits of a SaaS Solution
Learn about the benefits of SaaS or cloud solution versus an internal solution by factoring time, IT resources, deployment, cost and security.
See it in Action
See how you can empower your people with proven workforce management solutions.
Watch a Demo Video