How many controls does SSAE 18 SOC 1 have?

SSAE 18 SOC 1 contains 27 controls organized across 5 domains.

Where does SSAE 18 SOC 1 apply?

SSAE 18 SOC 1 is applicable in United States (AICPA). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

How do I get started with SSAE 18 SOC 1 compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR)

SOC 1 reports, issued under SSAE 18 (AT-C Section 320) by the AICPA, provide assurance on controls at a service organisation relevant to user entities' internal control over financial reporting (ICFR). The US equivalent of ISAE 3402.

Domains

Complementary Controls and Reporting

Reporting and Monitoring

Transaction Processing Controls

IT General Controls

Control Environment

Frequently Asked Questions

Map SSAE 18 SOC 1 — Report on Controls at a Service Organisation (ICFR) to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform