SOC 1
E182251
SOC 1 is an auditing standard under the AICPA’s SSAE framework that evaluates the internal controls of service organizations relevant to their clients’ financial reporting.
All labels observed (2)
| Label | Occurrences |
|---|---|
| SOC 1 canonical | 3 |
| System and Organization Controls 1 | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1610644 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: SOC 1 Context triple: [Microsoft Azure, supportsComplianceStandard, SOC 1]
-
A.
SOX
SOX is the commonly used abbreviation for the Sarbanes–Oxley Act of 2002, a U.S. federal law enacted to enhance corporate governance and financial reporting accountability.
-
B.
Office of Trust Services
The Office of Trust Services is a division within the U.S. Department of the Interior responsible for managing and overseeing federal trust responsibilities for Native American tribes, individuals, and related natural resources.
-
C.
ITSoc
ITSoc is the commonly used abbreviation for the IEEE Information Theory Society, a professional organization focused on advancing the field of information theory.
-
D.
FSOC
FSOC is a U.S. government council established after the 2008 financial crisis to identify and monitor systemic risks to the nation’s financial stability and coordinate regulatory responses.
-
E.
ISO 27001
ISO 27001 is an internationally recognized standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: SOC 1 Target entity description: SOC 1 is an auditing standard under the AICPA’s SSAE framework that evaluates the internal controls of service organizations relevant to their clients’ financial reporting.
-
A.
SOX
SOX is the commonly used abbreviation for the Sarbanes–Oxley Act of 2002, a U.S. federal law enacted to enhance corporate governance and financial reporting accountability.
-
B.
Office of Trust Services
The Office of Trust Services is a division within the U.S. Department of the Interior responsible for managing and overseeing federal trust responsibilities for Native American tribes, individuals, and related natural resources.
-
C.
ITSoc
ITSoc is the commonly used abbreviation for the IEEE Information Theory Society, a professional organization focused on advancing the field of information theory.
-
D.
FSOC
FSOC is a U.S. government council established after the 2008 financial crisis to identify and monitor systemic risks to the nation’s financial stability and coordinate regulatory responses.
-
E.
ISO 27001
ISO 27001 is an internationally recognized standard that specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
- F. None of above. chosen
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
auditing standard
ⓘ
service organization control report ⓘ |
| accessRestrictedTo |
service organization management
ⓘ
user auditors ⓘ user entities ⓘ |
| basedOnFramework | SSAE ⓘ |
| canSupport | Sarbanes-Oxley Section 404 compliance ⓘ |
| controlCategoriesMayInclude |
change management
ⓘ
data processing ⓘ input, processing, and output controls ⓘ logical access ⓘ operations ⓘ reconciliation and reporting controls ⓘ |
| distinguishedBy | focus on financial reporting rather than trust services criteria ⓘ |
| distinguishedFrom |
SOC 2
ⓘ
SOC 3 ⓘ |
| focusesOn |
controls at service organizations relevant to user entities’ financial reporting
ⓘ
internal controls over financial reporting ⓘ |
| fullName |
SOC 1
self-linksurface differs
ⓘ
surface form:
System and Organization Controls 1
|
| geographicUse | primarily United States ⓘ |
| governedBy | AICPA attestation standards ⓘ |
| governingBody |
American Institute of Accountants
ⓘ
surface form:
AICPA
|
| hasType |
Type I
ⓘ
Type II ⓘ |
| includes |
description of tests of controls and results (for Type II)
ⓘ
management’s assertion about controls ⓘ management’s description of the service organization’s system ⓘ service auditor’s report ⓘ |
| predecessorTerminology | SAS 70 reports (conceptual predecessor) ⓘ |
| primaryObjective | evaluate design and operating effectiveness of controls relevant to user entities’ financial reporting ⓘ |
| primaryUsers |
CFOs and controllers at user entities
ⓘ
financial statement auditors of user entities ⓘ risk and compliance teams at user entities ⓘ |
| relatedStandard |
SSAE
ⓘ
surface form:
SSAE 18
|
| relevantTo |
service organizations
ⓘ
user auditors ⓘ user entities ⓘ |
| reportDistribution | restricted-use report ⓘ |
| reportIssuer | independent CPA firm ⓘ |
| reportPeriodTypicalLength | 6 to 12 months for Type II reports ⓘ |
| scope | controls likely to be relevant to user entities’ internal control over financial reporting ⓘ |
| typeIDescription | report on management’s description of a service organization’s system and the suitability of the design of controls as of a specified date ⓘ |
| typeIIDescription | report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls over a specified period ⓘ |
| usedFor |
compliance with financial reporting requirements
ⓘ
third-party risk management ⓘ user auditors’ assessment of risks of material misstatement in financial statements ⓘ vendor due diligence ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: SOC 1 Description of subject: SOC 1 is an auditing standard under the AICPA’s SSAE framework that evaluates the internal controls of service organizations relevant to their clients’ financial reporting.
Referenced by (4)
Full triples — surface form annotated when it differs from this entity's canonical label.