SOC 1 Type 2
A SOC 1 Type 2 report is an internal controls report specifically intended to meet the needs of the OneLogin customers; management their auditors, as they evaluate the effect of the OneLogin controls on their own internal controls for financial reporting. The OneLogin SOC 1 report examination was performed in accordance with the Statement on Standards for Attestation Engagements (SSAE) No. 16 and the International Standard on Assurance Engagements (ISAE) No. 3402, therefore it can be used by our customers and their auditors both the US and abroad. These reports are issued by independent third party auditors periodically.
What’s the primary purpose of this initiative?
Provide an independent assessment of OneLogin internal controls that are relevant to customers’ internal controls over financial reporting. The assessment includes a description of the controls, the tests performed to assess them, the results of these tests, and an overall opinion on the design and operational effectiveness of the same.
What’s the scope?
OneLogin’s SOC 1 Type 2 Report covers internal controls in the areas of risk management, logical access, change management, data security, and data availability.
How often are you evaluated/audited?
Audits are performed semiannually and a report covering July through December is issued in February and a report covering January through June is issued in August.
Who performs the evaluation/audit?
Grant Thornton LLP performs the report audit.
Who is the primary audience?
Customers and their auditors.
Is there an ISAE 3402 Report?
The SOC 1 report follows both SSAE 16 and ISAE 3402 standards, so there is no need to issue a separate report.
Where can I get a copy of the report/certificate?
Customers can request the latest report from their Customer Success contact.