What is a type I service organization control report?
In a type I service organization control (SOC) report, the service auditor will only report on the design and implementation of the service organization’s system of internal controls. There will not be any assessment performed on the operating effectiveness of the internal controls as that is covered in a type II SOC report.
A type I report is not useful for the user auditor as it does not allow the user auditor to reduce their control testing on the user organization.
As a reminder, the visual below illustrates the four parties involved in a SOC type I and type II report:
Back To All Questions