SOC 1 & 2 Reporting in India

SOC 1 Reporting

A SOC 1 Report (System and Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities’ internal control over financial reporting. The SOC1 Report is what you would have previously considered to be the standard SAS70 (or SSAE 16), complete with a Type l and Type II reports, but falls under the SSAE 18 guidance

Service auditor’s report

Management’s assertion

Management’s detailed description of systems

Details on the auditor’s tests of controls related to each control objective and results

SOC 2 Reporting

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

Soc 2 Certification


Access Control

Two factor Authentication



Performance Monitoring

Disaster Recovery

Security incident Handling


Network / Application firewalls

Two factor Authentication Intrusion Decision

Processing Integrity

Quality Assurance

Processing Monitoring



Access Controls

Network/ Application firewalls