Today's businesses have seen a dramatic increase in the use of outsourced providers to assist with executing processes from payroll, accounts payable, information technology, benefit plan administration and many other core processes. These processes ultimately have an impact on an organization's internal control over financial reporting but also could impact compliance and operational issues.

In 2011, the Statement for Auditing Standards Attest Engagements (SSAE 16) replaced the former SAS70 Standard. In May 2017, a new standard SSAE 18 has superseded SSAE 16. The concepts covered is referred to as a Service Organization Control Report (SOC). Organizations who utilize outsourced providers should understand of the various types of SOC reports, their intended use and their implication on a company's financial reporting process, regardless of your status as a publicly traded or privately held organization. The process can be complicated to understand as a user organization. Currently, several types of SOC Reports exist including:

  • SOC 1 - Type 1
  • SOC 1 - Type 2
  • SOC 2 - Type 1
  • SOC 2 - Type 2
  • SOC 2+
  • SOC 3
  • Cybersecurity SOC

This course speaks briefly to the transition from SAS 70 to SSAE 16 and now SSAE 18. However, the focus on the various Service Organization control reports, their purposes and uses.

• SOC readiness checklist
• SOC 1 questions
• Example control objectives

Learning Objectives
  • Explore the transition of the accounting standards.
  • Identify and evaluate the various types of service and subservice organizations.
  • Explore and examine procedures to conduct a SOC 1 engagement, SOC 2 and SOC 3 engagement.
  • Explore the SOC cybersecurity requirements.
  • Discover and evaluate the proper use of control objectives.
  • Explore the various reporting methods for SOC reports.
  • Recognize and evaluate requirements for user entities.
Last updated/reviewed: August 5, 2023
10 Reviews (31 ratings)


Anonymous Author
I enjoyed the refresher on SOC Reports and assessments from the execution to comparisons and reporting opinions. The questions need to be reviewed, some of the answers and questions are worded incorrectly.

Member's Profile
Training was a little longer than others but very informative. It made it very clear to understand the difference between a soc 1, 2 (type 1 and 2 report), 3 and the cybersecurity report.

Anonymous Author
Enjoyed this thorough review of the various types of SOC reports. I especially appreciate the summary diagrams of the target audience for each report, their uses, and limitations.

Member's Profile
As with all other's by this author, sufficiently comprehensive yet not overly burdened with detail with appropriate anecdotes added.

Anonymous Author
Great foundational course for anyone learning about SOC reports. The material was easy to understand and follow.

Member's Profile
This is a fairly deep summary of the differences between the various SOC reports and what each is used for.

Anonymous Author
This was an excellent training content with detailed information about SOC reports. Kudos to presenter.

Anonymous Author
Very useful and meaningful course. Highly recommended to be taken by all professionals.

Anonymous Author
Good overall presentation of what can be a somewhat confusing topic.

Anonymous Author
Very informative course. Not much to comment on anymore.

Course Complexity: Foundational
No advanced preparation or prerequisites are required for this course.
Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
  Introduction to Keys of Service Organization Control (SOC) Reports - Following SSAE 18 Requirements3:18
  SAS70 and SSAE16 to SSAE 1811:30
  Types of Service Organizations14:59
  Control Objectives7:06
  SOC 1 Execution8:10
  SOC 2 Engagements7:41
  SOC 2 Execution9:36
  SOC 3 Reports4:49
  SOC Comparisons and Reporting Opinion9:46
  SOC Reporting7:42
  Preparing for SOC Engagement and Summary3:26
  SOC 1 Questions for Consideration3:02
  Readiness Assessment Checklist7:01
  Keys of Service Organization Control (SOC) Reports - Following SSAE 18 Requirements1:38:06
  Slides: Keys of Service Organization Control (SOC) Reports - Following SSAE 18 RequirementsPDF
  Keys of Service Organization Control (SOC) Reports - Following SSAE 18 Requirements Glossary/ IndexPDF