SOC 1 engagement s are performed in accordance with Statement on Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization, formerly SAS 70.  This is intended to be a report from the service organization’s auditor to its customer’s auditor.  It focuses solely on controls at a service organization that are likely to be relevant to an audit of a user entity’s financial statements (internal controls over financial reporting).  There are two types of SOC 1 reports:

• Type 1 – A report on management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.
• Type 2 – A report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description >throughout a specified period. Testing over a period of time is what distinguishes a Type 2 report from a Type 1.  Type 1 reports are as of a point in time and typically are only performed in the first year of reporting, and then Type 2 examinations are performed thereafter.