Assurance and Advisory Services

SOC 2® - SOC for Service Organizations: Trust Services Criteria  

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports are restricted.

Open Hide documents in this section

Page  1 2 3 4 5 >> 
Showing results 1 - 15 of 114
Order by:


Assurance and Advisory

Overview Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on August 15, 2017

Cybersecurity Resource Center

Tools Find information and links to valuable resources for CPAs providing cybersecurity advisory and assurance services.
Published on August 12, 2017

SOC for Cybersecurity Information for CPAs

Article Cybersecurity threats are on the rise, challenging organizations of all sizes—whether public or privat
Published on August 11, 2017

Cybersecurity Resources for CPAs Providing Advisory Services

Article CPAs with a specialization in information technology, can help clients address cybersecurity concerns by identifying potential internal risks and offering proactive steps to safeguard valuable client and customer information. CPAs with an IT skil
Published on August 11, 2017

Audit Data Analytics

Article The AICPA’s Assurance Services Executive Committee's (ASEC's) Emerging Assurance Technolog
Published on August 10, 2017

Audit Data Standards

Article Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on August 10, 2017

Fixed Asset Subledger Audit Data Standard Exposure Draft

Article The Emerging Assurance Technologies Task Force of the AICPA Assurance Services Executive Committee (ASEC) has issued an exposure draft titled Audit Data Standards – Fixed Asset Subledger Standard.
Published on August 10, 2017

Fixed Asset Subledger Audit Data Standard Exposure Draft

Exposure Draft We are sharing the draft Fixed Asset Subledger Audit Data Standards document for public exposure.  This document contains technical specifications for the fixed asset subledger account. Comments are requested by November 6, 2017.
Published on August 10, 2017

Mappings Relevant to the SOC Suite of Services

Tools This page contains mappings of the AICPA's Trust Services Criteria to various other security frameworks that are relevant to the SOC suite of services as well as a mapping between SSAE 18 and ISAE 3000.
Published on August 01, 2017

Trust Services Mapping to NIST CSF

Framework This document provides a mapping of the 2017 Trust Services Criteria to NIST CSF
Published on August 01, 2017

Trust Services Mapping to ISO 27001

Framework This document provides a mapping of the 2017 Trust Services Criteria to ISO 27001
Published on August 01, 2017

Trust Services Mappint to COBIT5

Framework This document provides a mapping of the 2017 Trust Services Criteria to COBIT5.
Published on August 01, 2017

SOC 2 Additional Subject Matter

Article Learn about additional considerations when a service organization requests that the service auditor’s report address either criteria in addition to the applicable trust services criteria or additional subject matter related to the service organization’s services using additional suitable criteria related to that subject matter, or both.
Published on August 01, 2017

System and Organization Controls SOC Suite of Services

Overview System and Organization Controls (SOC) reporting is a suite of service offerings CPAs may provide in connection with system-level controls of a service organization or entity-level controls of other organizations.
Published on August 01, 2017

SOC 2 HITRUST Common Security Framework (CSF) Version 7

Framework This document provides a mapping of the 2016 Trust Services Criteria to HITRUST CSF Version 8
Published on August 01, 2017

Page  1 2 3 4 5 >> 
Showing results 1 – 15 of 114
Show Results per page
© 2017 Association of International Certified Professional Accountants. All rights reserved.