Companies and service organizations often feel overwhelmed when it comes to learning about SOC reports. This is understandable and it is important to do as much research as possible before selecting a team to work with and embarking on the SOC report journey.

In this blog, we will cover some basics about SOC reports, and direct you to the AICPA website for more detailed information.

AICPA stands for American Institute of Certified Public Accountants. It is a non-profit professional organization representing certified public accountants (CPA) in the United States. They developed the framework for SOC reports.

There are three main types of SOC reports. You have a SOC 1, which as two types of reports- being a SOC 1 Type 1 or a SOC 1 Type 2. Then you have a SOC 2 and a SOC 3 rounds out the bunch. All of these reports differ, but according to the AICPA, they are all designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA. 

The AICPA’s website is a great place to start when trying to determine which report is right for your organization. In addition to detailed information on each report type and what the end deliverable means, they also offer a toolkit for service organizations as well as other documentation that will aide you in your research. Click here to be taken to their website:

SOC for Service Organizations: Information for Service Organizations (

Of course, we are here to help as well. Reach out to our team for any assistance as you begin working towards having your SOC report performed. We can answer any questions you may have and would be honored to work with you once you decide to get started.