SOC Simplified: SOC 1 vs SOC 2

May 12, 2025

Not sure whether your organization needs a SOC 1 or SOC 2 report? This short video outlines the key differences between the two and explains which types of companies typically require each. If your services involve sensitive client data or impact financial reporting, understanding these audit reports is critical.

Why a SOC report matters:

  • Demonstrate that your internal controls are designed and operating effectively
  • Support your clients’ compliance with industry regulations
  • Strengthen trust through independent third-party validation

Which One Do You Need?

  • If you handle sensitive customer data: SOC 2
  • If your services impact financial reporting: SOC 1
  • If both apply? You may need both reports
Tags: SOC

Explore More Insights

Some of these items predate Richey May’s restructuring to an alternative practice structure. Richey May is no longer a CPA firm. All Attest services are provided by Richey, May & Co., LLP.

Our Latest Insights

Looking for more industry expertise and to stay up to date? Check out more from the experts at Richey May below: 

All Insights$