
Quick Guide: System and Organization Controls (SOC)

As the proverbial gold standard for consumer data protection, System and Organization Controls (SOC) reporting provides verification that an organization has passed a rigorous audit and adheres to industry-leading system security and suitability guidelines. Although SOC audits are voluntary, with the recent increase in cyberattacks against insurance companies, this high-value report provides an important layer of validation for insurers choosing third-party vendors who will have access to their sensitive data.

What is SOC?

Developed by the AICPA (American Institute of Certified Public Accountants), SOC refers to an assessment and reporting service designed to ensure the responsible management of consumer data. The service involves an independent evaluation of an organization’s overall security and effectiveness, measured against extensive criteria.

SOC 1 and SOC 2

Businesses look at SOC reports to determine the level of trust and confidence in their service providers. Whereas SOC 1 focuses on financial reporting controls, SOC 2 is based on how securely a company handles sensitive data in its entirety, from people and processes to infrastructure and software.

Two Audit Types

There are two types of SOC audits, aptly named Type 1 and Type 2. A Type 1 report indicates a company’s status at the time of the audit, providing a virtual snapshot of the organizational controls as of a specific date. Type 2 audits observe ongoing security controls – usually requiring six months to a year of intense examination, monitoring, and analysis – to provide even more assurance of an organization’s ability to maintain compliance over time.


Offering an independent gauge of trust and transparency, SOC audits play an important role in vendor management, internal corporate governance, risk management processes, and regulatory oversight. SOC 1 Type 2 and SOC 2 Type 2 reports demonstrate financial reporting precision and effective information security controls, both of which are critical when choosing a payments provider.

Learn more about One Inc security and compliance certifications here.




Written by Patricia Moore

Patricia is passionate about helping insurers continue to achieve success in a rapidly changing industry. She offers news, insights, and tips to help you modernize your organization, boost efficiency, and provide a superior customer experience for today’s policyholders.
