SOC 1
An AICPA audit report on a service organization's controls that are relevant to its customers' internal control over financial reporting.
In more detail
SOC 1 is an audit report focused specifically on controls relevant to customers' financial reporting. When a service organization handles processes that affect its customers' financial statements, such as payroll or payment processing, a SOC 1 report gives those customers and their auditors assurance about the controls around that processing.
It differs from SOC 2 in scope and audience. SOC 2 addresses security, availability, and related trust criteria for a broad set of stakeholders, while SOC 1 addresses financial-reporting controls for customers and their auditors. As with SOC 2, a Type II report attests that the controls operated effectively over a period, not just that they were designed well.
Where this shows up at Ceven
Where a workflow touches processes relevant to financial reporting, the controls and evidence a SOC 1 examination looks for, approvals, segregation, and a reliable record of what happened, map onto Ceven's human-approval gates and full audit trail. The recorded trail of every action is the kind of evidence such audits depend on.