The cornerstone of trust in financial reporting is achieved through SOC 1 Reports. Organizations can effectively communicate information about their risk management and control framework to multiple stakeholders.

SOC 1 reports are ideally suited for businesses that handle financial or non-financial information for their clients that impact the customer financial statements or internal controls over financial reporting. You are a service organization performing transaction processing or supporting systems that are relevant to your client’s financial reporting (for example, payroll processing, payment processing, health care claims processing, financial services, and custodian services). Below are the commonly asked questions about the SOC 1 Report and Certification

What is the difference between a SOC 1 audit and a SOC 2 audit?

In its simplest form, a SOC 1 is a report on controls at a service organization relevant to a user entity’s internal control over financial reporting. On the other hand, a SOC 2 report is related to controls at a service organization relevant to the trust services criteria

What Is an SSAE 18 audit?

As the basis for the Service Organization Controls (SOC) 1 report, the Statement on Standards for Attestation Engagements (SSAE) No. 18 replaced SSAE No. 16 as of May 1, 2017, assures your customers’ auditors that your service organization controls are well-designed and operating smoothly. It’s an examination to help to build ongoing and long-lasting trust between you and your customer. The term “SSAE 18” has been replaced with simply “SOC 1.”

For how long is a SOC 1 audit valid?

Generally, for one year, 12 months.

How much does a SOC 1 audit cost?

Fees are based on the time required by the auditors assigned to the engagement and consider the agreed-upon level of preparation and assistance from the company’s personnel. Fees will vary based on the number of control objectives and control activities within a service organization, whether the audit is a Type I or Type II, and the number of locations included in the audit scope. During the planning phase, you will work with an E Com Security Solutions representative to discuss your scope.

What is the SOC 1 audit process?

We typically approach SOC audits following this streamlined process:

  • Scoping / Control Design
  • Gaps Analysis
  • Remediation Support
  • Audit/Testing
  • Reporting

From start to finish, our audit team will work closely with your organization to ensure an end-end managed experience. Our SOC 1 audit services are designed to help your organization build credibility without increasing stress for your team.

How will the audit affect our workplace environment?

It is our goal to provide the least amount of disruption to an organization’s productivity, while still gathering the important data needed to provide an accurate and complete SOC 1 examination.

What are the deliverables?

Once we have completed the examination, our auditors create a thorough and professional report of their findings. Reports are delivered to each organization digitally to expedite the process of sharing the report with clients and others. Our auditors also deliver recommendations to the organization for improving their processes and internal controls, if needed, to further solidify their compliance.

How E Com Security Solutions Can Help?

With over 4000 SOC 1 & SOC 2 assessments completed and more than 15 years of experience, E Com Security Solutions is a leader in helping organizations ensure they have the right controls in place to protect the financial information of their customers and business partners.