Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What is SOC 1?

‍

A Service Organization Control 1 or SOC 1 report is documentation of the internal controls that are likely to be relevant to an audit of a customer's financial statements.

‍

There are two types of reports for these engagements:

‍

Type 1 – report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.
Type 2 - report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

‍

Use of these reports is restricted to, your company, your customers, and your auditors. If you’d like a report you can share publicly, you may want a SOC 3.

Related Terms

Additional resources you might like:

Compliance

Events

Live Demo: Automating Compliance for SOC 2, ISO 27001, HIPAA, and More

Discover how Vanta’s automation and AI tools can help your team simplify compliance, strengthen security, and scale trust across frameworks like SOC 2, ISO 27001, HIPAA, and more.

AWS

Events

Turn security into your startup’s secret sales weapon

In this joint session with AWS, Vanta, and BreachRx, you’ll learn how early-stage teams are turning that pressure into an advantage.

Compliance

Events

Inside the FedRAMP 20x Pilot: Lessons Learned with Vanta

Join Vanta’s GRC team for an inside look at our journey submitting the first FedRAMP 20x pilot submission - a new initiative that fast-tracks the path to FedRAMP Low authorization without the need for an agency sponsor.

Product updates

Blog

Introducing the all-new Vanta AI Agent to supercharge GRC teams

The Vanta AI Agent guides you through key compliance workflows and takes action on your behalf.

NIS 2

Events

Simplify Your Path to NIS 2 Compliance

Join us to explore Vanta’s NIS 2 solution, which automates up to 65% of compliance tasks through pre-built controls, templates, and cross-framework integrations—all with continuous monitoring for complete visibility over your security posture.

HIPAA

Blog

SOC 2 vs. HIPAA: Everything you need to know

How to tackle both certifications with ongoing security monitoring

HIPAA

Blog

5 practical tips to navigate AI, security, and compliance in healthcare

Healthcare companies must balance AI innovation with risk mitigation to provide the best solutions and care without introducing additional risk.

SOC 2

Events

Live Demo: Simplify ISO 27001 and SOC 2 compliance with Vanta

Watch our on-demand demo to learn how Vanta can help simplify compliance needs across over 35 frameworks like SOC 2 and ISO 27001!

GRC

Events

Scaling Governance, Risk, and Compliance with Trust

Hear from ShipBob’s Heidi Pili and CMG’s Josh Wasserman on scaling your GRC program, with insights on key trends, Vanta use cases, and effective communication strategies.

Follow us

What is SOC 1?

Related Terms

Additional resources you might like:

Additional resources you might like:

Get compliant and build trust—fast