For a SOC1-report in accordance with ISAE 3402 relevant controls should be included and auditable. The SOC1 is audited by an external auditor.
All outsourced processes should be in scope, generally this includes the General IT controls and operational processes with an impact on the annual report of your customers
If processes are outsourced by your customers and process have a material impact on the annual report, an ISAE 3402 report will be appropriate. Other organizations under supervision of for example the FSA should be able to demonstrate that outsourced processes are under control.