SOC 1 – Type 2
Supporting financial controls.
Identify and validate a wide array of controls.
Service Organization Control (SOC) reports are used by service providers to audit and validate relevant business and operational controls that support the services subscribed to by their customers. At Long View, this report identifies and validates a wide array of controls - from the Managed IT Services and OnDemand Cloud infrastructure/service models to corporate governance and HR controls.
SOC reports will often audit these controls over a defined period. At Long View, we pursue a full year audit, the maximum possible.
At a Glance:
- We help businesses understand the operational model of the service provider.
- We ensure it aligns to their unique needs/requirements.
- We provide insight into the provider’s level of capability and maturity.
SOC reports come in three variations. SSAE18/SOC1 serves a unique purpose in supporting the needs of a provider’s customers from a financial control standpoint.
- SSAE18/SOC1 – Of the three reports, this is the only option that is accepted internationally. The SOC1 report applies when scope controls could have a potential impact on the financial statements of customers using the outsourced services. In addition to supporting financial controls, SOC1 controls often contain a listing of controls supporting service operations similar to a SOC2 report (albeit in a different format) thus negating the need to provide two separate reports. Long View currently maintains an SSAE18/SOC1 Type II report.
SOC reports have two document categories; Type I or Type II.
- Type I reports describe the provider’s operating controls and the suitability of their design.
- Type II reports-- the most common type of SOC report-- contain all of the information included in a Type I but also audit the effectiveness of the controls over a defined period (typically three months to a year). Our report reflects a 1-year operating period; the maximum allowed.
We have specifically scoped our SSAE18 / SOC1 reports to include all the relevant controls that support our OnDemand Cloud and Managed IT Service offerings. An authorized third-party auditor organization conducts the audit for the Long View SOC1 Type II report, adhering to the American Institute of Certified Public Accountants (AICPA), AT801 and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) guidelines. This report replaces the previous Statement of Auditing Standards No. 70 (SAS 70) report.