SOCrapporten

SOCrapporten is the Danish term for a SOC report, a formal assurance document produced under the System and Organization Controls (SOC) framework. It is issued by independent auditors to evaluate the internal controls of a service organization that affect user entities’ financial reporting or non-financial trust criteria. The SOC framework is maintained by the American Institute of Certified Public Accountants (AICPA) and is widely used in outsourcing, cloud services, and other third-party environments.

There are three main types of SOC reports: SOC 1, SOC 2, and SOC 3. SOC 1 reports focus on controls relevant to a user entity’s financial statements. SOC 2 reports assess controls related to the Trust Services Criteria, including security, availability, processing integrity, confidentiality, and privacy. SOC 3 reports cover similar criteria as SOC 2 but are designed for broader, general distribution and are more concise. Reports can be issued as Type I, describing the design of controls at a specific date, or Type II, reporting on operating effectiveness over a period, typically six to twelve months.

A SOCrapport provides several components: management’s description of the system, the auditor’s opinion, the tests performed, the results, and any identified deficiencies. The documents help user entities, their auditors, regulators, and business partners assess risk and determine whether the service organization’s controls meet their requirements. They are commonly used in IT outsourcing, cloud services, payroll processing, and other outsourced operations. In Danish practice, SOCrapporten is requested to obtain independent assurance about a vendor’s controls and governance.