SOC 1 & 2 Reporting in India

SOC 1 Reporting

A SOC 1 Report (System and Organization Controls Report) is a report on controls at a service organization that are relevant to user entities’ internal control over financial reporting. The SOC 1 Report is what you would previously have considered the standard SAS 70 (or SSAE 16) report, complete with Type I and Type II reports, but it falls under the SSAE 18 guidance.

Service auditor’s report

Management’s assertion

Management’s detailed description of systems

Details on the auditor’s tests of controls related to each control objective and results

SOC 2 Reporting

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

SOC 2 Certification

Privacy

Access Control

Two-factor Authentication

Encryption

Availability

Performance Monitoring

Disaster Recovery

Security Incident Handling

Security

Network / Application firewalls

Two-factor Authentication

Intrusion Detection

Processing Integrity

Quality Assurance

Processing Monitoring

Confidentiality

Encryption

Access Controls

Network / Application firewalls