System and Organization Controls (SOC) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA). SOC audit reports allow financial auditors comfort that the service providers their clients engage with have a minimum set of organizational controls in place that have been audited by an accredited third party.
Auditors may reference SOC reports in their audits rather than having to perform audit discovery directly on their client’s service providers. Thus, choosing a cloud services provider who has a SOC audit can reduce your requirement in meeting audit obligations.
There are three levels of SOC audits:
SOC 1: Controls consistent with service organizations’ own policies and objectives.
SOURCE All Covered