SOC Series: SOC Report Types Breakdown (part 2)

SOC Official Definition

SOC Report Breakdown

*chart adapted from YouTube video created and shared by licensed CPA firm KirkpatrickPrice
  • Internal Control Over Financial Reporting (ICFR) — assesses how effective an organization’s financial reporting controls are, specifically as they pertain to the effect on users
  • Trust Service Principles — designed to address information security; they assess an organization’s controls pertaining to Security, Availability, Processing Integrity, Confidentiality, and Privacy
  • Restricted Use — describes who the report’s intended audience is
  • Type 1 — think snapshot, or one-off; “report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.” [AICPA]
  • Type 2 — similar to Type 1, but over a specified period of time, as opposed to a snapshot



  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight



  • AICPA’s SOC Homepage — overview of the SOC Suite of Services. Includes links to official descriptions for SOC 1, SOC 2 & SOC 3
  • 1-Minute Overview — quick video from licensed CPA firm KirkpatrickPrice describing basic differences between SOC 1 vs SOC 2 vs SOC 3 Reports
  • Does Your Block Need a SOC? “A casual, but informative read for technical and non-technical executives on the role of third-party assurance over blockchains and other things crypto.” Part 1 of a 3-part series from Noah Buxton, Director, Blockchain, Risk Assurance & Advisory at Armanino LLP.
  • SOC Wikipedia Page — succinct overview of report levels and types as well as the 5 Trust Service Principles reports focus on



