How to read SOC (System and Organization Controls) 1 Reports

Understand the different sections in a SOC 1 Type 2 report and their significance.
32min of on-demand video

Understand what SOC reports are, with guidance on reading a SOC 1 report
Identify the different sections of a SOC 1 report and their significance
Learn how SOC reports can be used to assess a vendor
Apply the learnings to read any SOC 1 report


  • Basic understanding of controls and Information Technology


This course will help you understand the need for SOC reports, the basics of reading SOC 1 reports, the types of SOC reports, and the significance of the different sections within a SOC report.

Whether you are an IT manager, an IT auditor, or anyone interested in SOC reports, this course will help you with the following:

1) Understand how SOC reports are prepared and why we need them.

2) Get introduced to the different types of SOC reports available, and learn about SOC 1 reports in detail:

  • SOC1

  • SOC2

  • SOC3

  • SOC for cybersecurity

  • SOC for Supply chain

  • Type 1 and type 2 reports

3) How SOC reports are used by a customer and by the vendor.

4) Different sections and terms within the SOC 1 report, including Complementary User Entity Controls and Complementary Subservice Organization Controls.

5) Deep dive into each section of the report with examples as needed:

  • Independent Service Auditor’s opinion (Qualified, Unqualified, Adverse, Disclaimer)

  • Management Assertion

  • System Description

  • Control objectives, Controls, and Test results

  • Relationship between Control Objectives and risks

  • Complementary User Entity Controls and Complementary Subservice Organization Controls

  • Other information & Management Response

6) Other useful information such as the Bridge letter

7) Subservice Organizations (Inclusive and Carve-out methods)

8) Characteristics of Control activities

9) Internal control over financial reporting

10) General IT controls

11) Attestation standards such as SSAE 18 (Statement on Standards for Attestation Engagements 18) and ISAE 3402

Who this course is for:

  • IT managers, security managers, security practitioners, IT auditors, accountants, and anyone who is interested in learning about SOC reports


Cybersecurity professional
Mani Keerthi N

Mani Keerthi N is a cybersecurity professional with experience in Cyber Strategy, Cyber Incident Response, SOC operations, Cyber Risk Management, and other security initiatives. She also has experience in IT Operations, SOC1/SOC2 audits, IT application and general control audits, and third-party risk management.

She is a well-known speaker at Security conferences and she is CISA, CRISC, CISM and CDPSE certified.
