OtherUnited States (AICPA)

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR)

SOC 1 reports, issued under SSAE 18 (AT-C Section 320) by the AICPA, provide assurance on controls at a service organisation relevant to user entities' internal control over financial reporting (ICFR). The US equivalent of ISAE 3402.

Domains

Complementary Controls and Reporting

Reporting and Monitoring

Transaction Processing Controls

IT General Controls

Control Environment

Compare SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR)

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) vs ISO 27001:2022View comparison →SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) vs SOC 2View comparison →SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) vs NIST CSF 2.0View comparison →SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) vs GDPRView comparison →SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) vs HIPAAView comparison →SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) vs PCI DSS 4.0View comparison →

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) by Industry

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) by Role

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) for CISOs→SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) for Compliance Officers→SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) for Risk Managers→SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) for IT Directors→SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) for DPOs→SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) for Auditors→

Frequently Asked Questions

What is SSAE 18 SOC 1?

How many controls does SSAE 18 SOC 1 have?

SSAE 18 SOC 1 contains 27 controls organized across 5 domains.

Where does SSAE 18 SOC 1 apply?

SSAE 18 SOC 1 is applicable in United States (AICPA). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

How do I get started with SSAE 18 SOC 1 compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

How ready are you for SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR)?

Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.

Explore Platform Free

OtherUnited States (AICPA)

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR)

Domains

Complementary Controls and Reporting

Reporting and Monitoring

Transaction Processing Controls

IT General Controls

Control Environment

Compare SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR)

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) by Industry

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) by Role

Frequently Asked Questions

What is SSAE 18 SOC 1?

How many controls does SSAE 18 SOC 1 have?

SSAE 18 SOC 1 contains 27 controls organized across 5 domains.

Where does SSAE 18 SOC 1 apply?

SSAE 18 SOC 1 is applicable in United States (AICPA). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

How do I get started with SSAE 18 SOC 1 compliance?

How ready are you for SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR)?

Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.

Explore Platform Free