Learn More

Fill out the form for more information, or call 1-800-726-3339.


What does SSAE-16 SOC 1 Type 2 mean and how is SOC 1 Type 2 compliance determined?

SSAE-16 SOCSSAE-16 SOC 1 Type 2 stands for Standards of Attestations Engagement No. 16, System and Organizations Controls Report 1, Type 2. This AICPA-developed auditing report details how organizations develop and execute their financial reporting procedures over time. Organizations seeking to meet SOC 1 Type 2 compliance standards must give detailed data about how their financial reporting practices are designed and executed over a fixed period of time—usually 6-12 months. An independent auditor often prepares the report and carries out necessary examinations.  There are no penalties for noncompliance, although poor results could discourage customers from using particular organizations if they reveal notable flaws in their financial reporting approaches and controls.

How does SOC 1 Type 2 data center and cloud hosting work?

SOC 1 Type 2 is among the various auditing standards we use with our data centers and for accounts that host systems and software related to internal controls over financial reporting.  Much like a standard computer or server, a Private Cloud account can be used to run software and store data.  These activities, however, are run in the cloud within a 256-bit AES encrypted, HIPAA-compliant hosting account.

How can I audit and maintain compliance with SOC 1 Type 2?

Our team audits all Private Cloud accounts using SOC 1 Type 2 and other SSAE-16 standards.

What other compliance standards are similar to SOC 1 Type 2?

SOC 1 is one of three SSAE-16 auditing standards used to vet data centers, but is the only one that addresses financial reporting practices.  The other two SOC reports—SOC 2 & 3—analyze how organizations address non-financial reporting procedures including data security, server uptimes, system processing and data processing.  There’s also another type of SOC 1 Report called the SOC 1 Type 1 report.  While they are similar, Type 1 reports don’t analyze how organizations execute financial reporting controls over fixed time periods.

Are there Abacus clients that are SOC 1 Type 2 compliant today?

Yes! Contact our Private Cloud hosting specialists today to learn more about how we can help ensure your hosting environment is SOC 1-compliant.

Additional Resources

  1. AICPA.org