< Compliance
CenturyLink Cloud's data centers comply with SSAE 16 & SOC 1

CenturyLink SOC 1 Report

A SOC 1 report provides customers assurance of controls at CenturyLink (the “service organization”) that may be relevant to the customers’ internal controls over financial reporting. CenturyLink has invested extensively in successfully completing SOC 1 assessments and providing the results to customers each year.

CenturyLink provides a bi-annual or annual SOC 1 report (as applicable) that is prepared using the SSAE18 standard. Type 2 SOC 1 examinations are completed by an independent third-party CPA firm (the “service auditor”) and include the service auditor’s opinion on the fairness of presentation of management’s description of the system, the suitability of the design of the selected control activities to meet the stated control objectives, and the operating effectiveness of control activities throughout the specified review period.

Benefits

Customers and their auditors can leverage the SOC 1 report to evaluate the effect of CenturyLink’s controls over the customer’s internal control over financial reporting when completing annual financial statement audits.

SOC 1 Reports

SOC Reports are audited using the American Institute of Certified Public Accountants (AICPA) standard known as Statement on Standards for Attestation Engagements (SSAE) No. 18, simply known as SSAE 18. There are two types of reports:

Type 1

Report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

Type 2

Report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

Frequently Asked Questions

What is the difference between SOC 1 vs. SOC 2?

SOC 1 provides customers assurance of controls at the service organization relevant to customers’ internal control over financial reporting.

SOC 2 provides customers assurance of controls at the service organization relevant to the achievement of the AICPA Trust Services Categories and related criteria. The AICPA Trust Services Categories include Security, Availability, Confidentiality, Processing Integrity, and Privacy.

What are some recent trends impacting the use of SOC 1 reports?

  • The increasing amount of outsourced activities.
  • Growth of outsourced service providers, including the following:
    • Payroll functions
    • Accounting functions
    • Third-party retirement plan administrators
    • Third-party health care administrators
  • Increasing regulation, such as the Sarbanes-Oxley Act of 2002, which includes reporting on the effectiveness of internal control over financial reporting.

Glossary

Service organization or service provider
Organization providing the outsourced service.
Subservice organization
Organization used by service organization to provide third-party services to the service organization.
Service auditor
Auditor performing a SOC 1 examination of the service organization’s controls.
User entity
Organization receiving the outsourced service.
User auditors
External auditors of the user entity.
  • Albuquerque, NM (AB3)
  • Atlanta, GA (AT1)
  • Bangalore, India (BLR2)
  • Boston, MA (B01, B02, B03)
  • Burbank, CA (BR1)
  • Chicago, IL (CH2, CH3, CH4)
  • Columbus, OH (CL1)
  • Dallas, TX (DL 1, DL2)
  • Denver, CO (DN1, DN2, DN3)
  • Frankfurt, Germany (FR6)
  • Hong Kong (HK2)
  • Jersey City, NJ (NJ1, NJ2, NJx)
  • London, United Kingdom (L01, L03, L04, L05, L06)
  • Los Angeles, CA (LA1)
  • Minneapolis, MN (MP1, MP2)
  • Montreal, Canada (MR1)
  • Newark, NJ (NJ5)
  • Orange County, CA (OC2)
  • Phoenix, AZ (PH1)
  • Piscataway, NJ (NJ3, NJ4)
  • Santa Clara, CA (SC4, SC5, SC8, SC9)
  • Scottsdale, AZ (PH2)
  • Seattle, WA (SE2, SE3, SE4)
  • Singapore (SG2, SG8)
  • St. Louis, MO (SL1)
  • Sterling, VA (DC2, DC3, DC4, DC5, DC6, DC7)
  • Sunnyvale, CA (SN1, SN2)
  • Tampa, FL (TP1)
  • Tokyo, Japan (TY6)
  • Toronto, Canada (TR1, TR3)
  • Vancouver, Canada (VC1)
  • Weehauken, NJ (NJ2)

Map of SOC 1 compliant center locations.

Related Products

Cloud Services

Hybrid-ready public cloud provides the agility, scalability and security expected from an enterprise-class cloud, backed by an industry leading global network.

Managed Services

Experts at the ready to maintain and administer your cloud deployments. Rapid provisioning, hourly billing, and highly automated.

Managed Security

A full complement of threat prevention, threat management, incident response and analysis services to support your hosted or on-premise enterprise security environments.

Managed Hosting

Maintain complex IT infrastructure and applications with our comprehensive portfolio of managed hosting services including, fully manage networks, servers, storage, operating systems, and security.

Managed Storage & Backups

Gives a range of storage options including data replication and back up/archiving. CenturyLink solutions are secure, affordable and can provide data resilience with up to 5 nines.