Assurance and Advisory Services

SOC 2® - SOC for Service Organizations: Trust Services Criteria  

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Similar to a SOC 1 report, there are two types of reports: a type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports is restricted.

SOC for Cybersecurity

Overview: CPAs provide cybersecurity examination services under a variety of generally accepted professional standards and approaches.
Published on April 28, 2017

Cybersecurity Resource Center

Tools: Find information and links to valuable resources for CPAs providing cybersecurity advisory and assurance services.
Published on April 27, 2017

SOC for Cybersecurity Information for CPAs

Article: Cybersecurity threats are on the rise, challenging organizations of all sizes—whether public or private. Boa
Published on April 26, 2017

SOC for Service Organizations

Article: SOC for Service Organizations are internal control reports on the services provi
Published on April 26, 2017

Assurance and Advisory

Overview: Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on April 24, 2017

Illustrative SOC 2 Opinion and Assertion

Sample Report: This illustrative tool is intended as an example of management’s assertion and a service auditor’s report in a SOC 2 Type 2 engagement under the clarified Attestation Standards. It is an interim tool for use by practitioners while the SOC 2 guide is under revision and is subject to change
Published on April 24, 2017

Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program

Guidance: Description criteria used by management in designing and describing their cybersecurity risk management program, and by CPAs to report on management's description
Published on April 24, 2017

SOC for Cybersecurity Information for Entity Management

Guidance: Provides guidance to assist management of organizations with understanding (1) the cybersecurity risk management examination that can be performed by a CPA (practitioner) in connection with certain entity-prepared cybersecurity information and (2) management's responsibilities in connection with that engagement.
Published on April 24, 2017

Illustrative Cybersecurity Risk Management Report

Sample Report: This document provides an illustrative example of an entity's cybersecurity risk management report related to its SOC for Cybersecurity engagement.
Published on April 24, 2017

Mapping of the 2017 Trust Services Criteria to Extant 2016 Trust Services Principles and Criteria

Framework: This tool demonstrates how the control criteria in the 2016 version of the Trust Services Criteria map to the revised control criteria in the 2017 Trust Services Criteria.
Published on April 24, 2017

SOC for Cybersecurity Backgrounder

Overview: This document provides background information about the SOC for Cybersecurity engagement and related approach
Published on April 24, 2017

Illustrative Comparison of the Cybersecurity Risk Management Examination with a SOC 2 Examination and Related Reports

Tools: This illustrative tool highlights the key distinctions between a cybersecurity risk management examination and a SOC 2 examination and the related reports.
Published on April 24, 2017

Cybersecurity Risk Management Reporting Fact Sheet

Tools: This fact sheet provides an overview of the new AICPA cybersecurity risk management reporting framework
Published on April 24, 2017

SOC 1 - SOC for Service Organizations ICFR

Article: Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (ICFR). These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relev
Published on April 24, 2017

SOC 2 - SOC for Service Organizations Trust Services Criteria

Article: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance abou
Published on April 24, 2017

Copyright © 2006-2017 American Institute of CPAs.