A report on controls within an organization based on the SSAE 18 standards. SOC reports are typically Type 1 (mostly financial), Type 2 (mostly related to data controls), and Type 2+ which incorporates additional regulatory frameworks such as NIST, GDPR, or HITRUST.