Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is SOC 1?

A Service Organization Control 1 or SOC 1 report is documentation of the internal controls that are likely to be relevant to an audit of a customer's financial statements.

There are two types of reports for these engagements:


  • Type 1 – report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.
  • Type 2 - report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.


Use of these reports is restricted to,  your company, your customers, and your auditors. If you’d like a report you can share publicly, you may want a SOC 3.

Additional resources you might like:

Comparisons and reviews
Blog
The best ISO 27001 compliance software for 2026

Discover the best ISO 27001 compliance software options for 2026, including Vanta.

Compliance
Blog
How to handle risk management under growing regulatory pressure: Best practices in 2026

Learn how to align risk management and regulations to navigate the business landscape.

Compliance
Blog
What Is a risk register? Best practices for keeping It actionable

Learn what a risk register is and how modern GRC teams should use it.

Additional resources you might like:

Comparisons and reviews
Blog
The best ISO 27001 compliance software for 2026

Discover the best ISO 27001 compliance software options for 2026, including Vanta.

Compliance
Blog
How to handle risk management under growing regulatory pressure: Best practices in 2026

Learn how to align risk management and regulations to navigate the business landscape.

Compliance
Blog
What Is a risk register? Best practices for keeping It actionable

Learn what a risk register is and how modern GRC teams should use it.

Compliance
Blog
What is Enterprise Risk Management (ERM)? Everything you need to know

Explore modern enterprise risk management (ERM) and what makes it a strategic business discipline

GRC
Events
What is GRC Engineering? A fresh take on an old space

Join Lovable and Vanta for an exclusive virtual event on what modern GRC actually looks like when it is done right.

GRC
Blog
Building a risk taxonomy: A guide to classifying risks

Learn how to classify and prioritize risks using a structured risk taxonomy.

GRC
Blog
Understanding inherent risk vs residual risk—and why the gap matters

Learn about inherent and residual risk beyond definitions and see how they influence decisions.

Compliance
Events
Agentic compliance in action with Vanta and Claude

Register to learn how Vanta's MCP Server brings your compliance program directly into Claude.

GRC
Blog
How to write a risk appetite statement in 5 steps

A risk appetite statement isn’t useful unless it drives decisions. Learn how to create one with clear thresholds that help align action with your risk appetite.