Assurance and Advisory Services

    SOC 2 

    Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

    These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide:  Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity,  Confidentiality, or Privacy  and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its  internal controls. These reports can form an important part of stakeholders:

    • Oversight of the organization
    • Vendor management program
    • Internal corporate governance and risk management processes
    • Regulatory oversight

    Similar to  SOC 1®  engagement there are two types of report : Type 2, report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and Type 1, report on management’s description of a service organization’s system and the suitability of the design of controls.  These reports may be restricted in use.  



    Open Hide documents in this section

    Page  1 2 3 4
    Showing results 1 - 15 of 53
    Order by:

    Audit Data Standards Library

    Article ASEC’s Emerging Assurance Technologies Task Force have created the Audit Data Standards. View all of the Standards here.
    Published on July 30, 2015

    Assurance and Advisory

    Overview Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
    Published on July 30, 2015

    Continuous Assurance & Continuous Control Monitoring

    Article The Assurance Services Executive Committee (ASEC) Emerging Assurance Technologies Task Force is responsible for developing a conceptual framework and guidance to capitalize on emerging technologies affecting the business information supply chain, covering both internal and external reporting.
    Published on July 28, 2015

    Service Organization Control (SOC) Reports

    Overview Service Organization Control  Reports® are internal control reports on the services provided by a service organization. SOC reports provide valuable information users need to assess and address the risks associated with an outsourced service. The AICPA provides tools and resources to CPAs, service organizations and user entities needed to build
    Published on July 14, 2015

    SOC Guides and Publications

    Article Review valuable SOC guides and publications to help your professional competency and increase your value to your clients.
    Published on July 14, 2015

    SOC Articles and Blog Posts

    Article Read articles and other media regarding what CPAs need to know about SOC reporting, tips on starting a SOC practice, as well as other valuable information.
    Published on July 13, 2015

    SOC 2 Additional Subject Matter

    Article Learn about additional considerations when a service organization requests that the service auditor’s report address either criteria in addition to the applicable trust services criteria or additional subject matter related to the service organization’s services using additional suitable criteria related to that subject matter, or both.
    Published on July 13, 2015

    SOC 2 HITRUST Common Security Framework (CSF) Version 7

    Article The AICPA HITRUST working group developed this mapping between the HITRUST CSF version 7 and AICPA’s Trust Services Principles and Criteria to allow service organizations who have adopted the CSF a method to communicate the processes and procedures they developed to implement the CSF in order to provide users with
    Published on July 13, 2015

    Proposed Revision of Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidenti...

    Exposure Draft Issued June 15, 2015, the exposure draft will amend TSP section 100, and supersede Appendix D, “Generally Accepted Privacy Principles,” of TSP Section 100A. The comment period ends on August 15, 2015.
    Published on June 15, 2015

    Service Organization Controls (SOC) Reports for Service Organizations

    Overview Service Organization Controls (SOC) reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.  Each type of SOC report is designed to help
    Published on May 22, 2015

    Information for Management of a Service Organization

    Guide Adapted from the SOC 2 Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy this document is to assist management of a service organization in preparing its description of the service organization’s system, which serves as the basis for a SOC 2
    Published on May 20, 2015

    Users and User Entities

    Article Many companies function more efficiently and profitably by outsourcing tasks or entire functions to service organizations that have the personnel, expertise, equipment, or technology to accomplish these tasks or functions. Examples of  such servic
    Published on April 06, 2015

    Assurance Services Executive Committee

    Article The ASEC's mission is to assure the quality, relevance, and usefulness of information or its context for decision makers and other users by identifying and prioritizing emerging trends and market needs for assurance, and developing related assurance methodology guidance and tools as needed.
    Published on March 03, 2015

    Whitepaper - How to Design a Credible Verification Program

    White Paper This white paper is intended to assist organizations such as government agencies and legislative bodies, business organizations, not-for-profit organizations, and associations that are considering establishing and designing a third-party verification program.
    Published on February 26, 2015

    AICPA Service Organization Control Reports Logos

    Article SOC 1, SOC 2 and SOC 3 and the associated logos are trademarks, service marks and certification marks of the American Institute of Certified Public Accountants (AICPA), which reserves all rights. AICPA has
    Published on December 19, 2014

    Page  1 2 3 4
    Showing results 1 – 15 of 53
    Show Results per page
    Copyright © 2006-2015 American Institute of CPAs.