Instructor for this course

Today's businesses have seen a dramatic increase in the use of outsourced providers to assist with executing processes from payroll, accounts payable, information technology, benefit plan administration and many other core processes. These processes ultimately have an impact on an organization's internal control over financial reporting but also could impact compliance and operational issues.

In 2011, the Statement on Standards for Attestation Engagements (SSAE) 16 replaced the former Statement on Auditing Standards (SAS) 70. In May 2017, a new standard, SSAE 18, superseded SSAE 16. 

The concepts covered in this course are referred to as a Service Organization Control Report (SOC). Organizations who utilize outsourced providers should understand the various types of SOC reports, their intended use and their implication on a company's financial reporting process, regardless of your status as a publicly traded or privately held organization.  The process can be complicated to understand as a user organization. Currently, several types of SOC Reports exist including:

  • SOC 1 - Type 1
  • SOC 1 - Type 2
  • SOC 2 - Type 1
  • SOC 2 - Type 2
  • SOC 3
  • Cybersecurity SOC

This course speaks briefly to the transition from SAS 70 to SSAE 16 and now SSAE 18.  However, the focus is on the various Service Organization Control Reports, their purposes and uses.

Course Series

This course is included in the following series:

2 CoursesAll About SSAE 18

  1. Service Organization Control Reports under SSAE18
  2. Understanding the Requirements of SSAE18

Learning Objectives

  • Explore the transition of the accounting standards from Statement on Auditing Standards (SAS) 70 to Statement on Standards for Attestation Engagements (SSAE) 16 and now SSAE 18.
  • Recognize the various types of service and subservice organizations.
  • Explore procedures to conduct a SOC (Service Organization Control) 1 engagement, develop proper control objectives and determine specific reporting methods.
  • Explore procedures to conduct and report on a SOC 2 engagement
  • Recognize the requirements for SOC 3 reports.
  • Explore the SOC cybersecurity requirements.
  • Recognize the requirements to prepare for a SOC engagement.
  • Recognize the requirements for user entities.

14 Reviews (41 ratings)Reviews

Member's Profile
This is a good introduction to the concepts of SSAE and specifically SOC reports
Member's Profile
I already had some experience reviewing SOC 1 reports, but this course helped me gain a good perspective on what these reports are really about. I also appreciated the instructor's admonition to think thoroughly when documenting control objectives - a lesson I will take with me when updating RCM's for SOX.
Anonymous Author
The information provided is very precise and well-organized. The time allotted in this course is just about right to get a general understanding of the different type of SOC reports.
Member's Profile
The content was very informative. The instructor had great examples to elaborate on her points in the presentation. She made it easy to follow and understand SSAE 18.
Member's Profile
The trainer has put in good content that covers the basics of SOC1 and SOC2 for those who want to get started.
Member's Profile
I found the slides in combination with the audio to be an effective tool for learning this information.
Member's Profile
Liked the explanation for transition from SAS70 TO SSAE16 Standards
Member's Profile
Great refresher on the purposes of SOC 1 and SOC 2 reports.
Anonymous Author
Good information over the differences between SOC reports.
Member's Profile
Interesting information
Member's Profile
Very solid overview
Anonymous Author
Excellent course.
Anonymous Author
Member's Profile


Course Complexity: Foundational

No Advanced Preparation or Prerequisites are needed for this course. 

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
  5:20Introduction to Service Organization Control Reports under SSAE18
SOC Reports under SSAE18
  10:28Move From SAS 70 and SSAE 16 to SSAE 18
  4:51Types of Service Organizations
  8:54SOC 1 Engagements
  10:20Control Objectives
  11:58SOC 1 Reporting
  4:46SOC 3 Reports
  2:39Preparing for SOC Engagement
  3:06SOC Comparisons
  4:46User Entity Expectations
Continuous Play
  1:09:57Service Organization Control Reports under SSAE18
  PDFSlides: Service Organization Control Reports under SSAE18
  PDFService Organization Control Reports under SSAE18 Glossary/Index