Type of SOC Audit SOC 1 SOC 2 SOC 3
Intended user Financial Auditors and officers of the user entities Users interested in the organizations adherence to Trust Principles (those served by the organization) Owners interested in the organization’s adherence to Trust Principles, specifically for marketing the organization
AICPA Guidance SSAE 16 AT 101 and AICPA Guide AT 101 and AICPA TPA
Audit Opinion for Type 1 reports
  • Fair description of controls and its implementation
  • Controls were suitably designed
  • Fair description of controls and its implementation
  • Controls were suitably designed
N/A – we report our opinions on whether service organization maintained effective controls over its system as it relates to the trust services principles being reported
Audit Opinion for Type 2 reports Controls are operating effectively during period in review Controls are operating effectively during period in review N/A – we report our opinions on whether service organization maintained effective controls over its system as it relates to the trust services principles being reported
Who can use the audit? Restricted to users that already have an understanding of the service organization and its controls Restricted to users that already have an understanding of the service organization and its controls General use, can be distributed freely
Control objectives Defined by client Principles based on AT 101:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

 

Principles based on AT 101:

  • Security
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy

 

We invite you to contact us at Larson & Company soon to learn more about SOCs in Salt Lake City, St. George, Moab, and Spanish Fork, Utah. We look forward to hearing from you!