This diagram illustrates the different types of SOC (Service Organization Control) reports, detailing their purposes and focus areas.
SOC 1 reports assess the internal controls over financial reporting (ICFR) and are divided into Type 1 (point in time) and Type 2 (performance over a period).
SOC 2 reports evaluate controls related to security, availability, processing integrity, confidentiality, and privacy, also divided into Type 1 and Type 2.
SOC 3 provides a summary of SOC 2 findings for public use.
SOC for Cybersecurity focuses on the organization’s cybersecurity risk management program, covering security policies, processes, and procedures.
#PinedaCyberSecurity #CyberSecurityMakesSenseHere #CyberSecurity #SOCReports #InternalControls #FinancialReporting #DataPrivacy #SecurityAssessment #RiskManagement #TSCReports #Compliance #InfoSec
