CenturyLink provides a bi-annual or annual SOC 1 report (as applicable) that is prepared using the SSAE18 standard. Type 2 SOC 1 examinations are completed by an independent third-party CPA firm (the “service auditor”) and include the service auditor’s opinion on the fairness of presentation of management’s description of the system, the suitability of the design of the selected control activities to meet the stated control objectives, and the operating effectiveness of control activities throughout the specified review period.

Benefits

Customers and their auditors can leverage the SOC 1 report to evaluate the effect of CenturyLink’s controls over the customer’s internal control over financial reporting when completing annual financial statement audits.

SOC 1 Reports

SOC Reports are audited using the American Institute of Certified Public Accountants (AICPA) standard known as Statement on Standards for Attestation Engagements (SSAE) No. 18, simply known as SSAE 18. There are two types of reports:

Type 1

Report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.

Type 2

Report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.

Frequently Asked Questions

What is the difference between SOC 1 vs. SOC 2?

SOC 1 provides customers assurance of controls at the service organization relevant to customers’ internal control over financial reporting.

SOC 2 provides customers assurance of controls at the service organization relevant to the achievement of the AICPA Trust Services Categories and related criteria. The AICPA Trust Services Categories include Security, Availability, Confidentiality, Processing Integrity, and Privacy.

What are some recent trends impacting the use of SOC 1 reports?

• The increasing amount of outsourced activities.
• Growth of outsourced service providers, including the following:
  • Payroll functions
  • Accounting functions
  • Third-party retirement plan administrators
  • Third-party health care administrators
• Increasing regulation, such as the Sarbanes-Oxley Act of 2002, which includes reporting on the effectiveness of internal control over financial reporting.

Glossary

Service organization or service provider

Organization providing the outsourced service.

Subservice organization

Organization used by service organization to provide third-party services to the service organization.

Service auditor

Auditor performing a SOC 1 examination of the service organization’s controls.

User entity

Organization receiving the outsourced service.

User auditors

External auditors of the user entity.

Data Center Locations

• Albuquerque, NM (AB3)
• Atlanta, GA (AT1)
• Bangalore, India (BLR2)
• Boston, MA (B01, B02, B03)
• Burbank, CA (BR1)
• Chicago, IL (CH2, CH3, CH4)
• Columbus, OH (CL1)
• Dallas, TX (DL 1, DL2)
• Denver, CO (DN1, DN2, DN3)
• Frankfurt, Germany (FR6)
• Hong Kong (HK2)
• Jersey City, NJ (NJ1, NJ2, NJx)
• London, United Kingdom (L01, L03, L04, L05, L06)
• Los Angeles, CA (LA1)
• Minneapolis, MN (MP1, MP2)
• Montreal, Canada (MR1)
• Newark, NJ (NJ5)
• Orange County, CA (OC2)
• Phoenix, AZ (PH1)
• Piscataway, NJ (NJ3, NJ4)
• Santa Clara, CA (SC4, SC5, SC8, SC9)
• Scottsdale, AZ (PH2)
• Seattle, WA (SE2, SE3, SE4)
• Singapore (SG2, SG8)
• St. Louis, MO (SL1)
• Sterling, VA (DC2, DC3, DC4, DC5, DC6, DC7)
• Sunnyvale, CA (SN1, SN2)
• Tampa, FL (TP1)
• Tokyo, Japan (TY6)
• Toronto, Canada (TR1, TR3)
• Vancouver, Canada (VC1)
• Weehauken, NJ (NJ2)

Map of SOC 1 compliant center locations.