← Back to glossary
ComplianceUpdated 2026-07-06

SOC 1

An AICPA audit report on a service organization's controls that are relevant to its customers' internal control over financial reporting.

In more detail

SOC 1 is an audit report focused specifically on controls relevant to customers' financial reporting. When a service organization handles processes that affect its customers' financial statements, such as payroll or payment processing, a SOC 1 report gives those customers and their auditors assurance about the controls around that processing.

It differs from SOC 2 in scope and audience. SOC 2 addresses security, availability, and related trust criteria for a broad set of stakeholders, while SOC 1 addresses financial-reporting controls for customers and their auditors. As with SOC 2, a Type II report attests that the controls operated effectively over a period, not just that they were designed well.

Where this shows up at Ceven

Where a workflow touches processes relevant to financial reporting, the controls and evidence a SOC 1 examination looks for, approvals, segregation, and a reliable record of what happened, map onto Ceven's human-approval gates and full audit trail. The recorded trail of every action is the kind of evidence such audits depend on.

Related terms

See it in production.

Start free