Service Organization Control

Service Organization Control 

Service Organization Controls are a series of accounting standards that measure the control of financial information for a service organization. They are covered under both the SSAE 16 and the ISAE 3402 professional standards.

It is common for entities to outsource business tasks or functions to service organizations, even those that are core to an entity’s operations. Although user entities may rely on a service organization to perform outsourced tasks or functions, the user entity still retains responsibility (and the risks associated) for the service it provides to its customers.

Service Organization Control 2, reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. The standard for regulating these five issues was formed under the AICPA Trust Services Principles and Criteria. 

SOC 2® Survey
As organizations embrace software as a service and information technology outsourcing, confidence in the outsourced services provided related to security, availability, processing integrity, confidentiality and privacy should be considered. Please take this short survey to help us understand how SOC 2® reports are being used to support organizational objectives. Our goal is to understand the ways companies and firms use SOC 2® reporting to make decisions, who the users of SOC 2® reports are, and consider additional frameworks that may be useful in a SOC 2®engagement and resulting report. You will be able to respond to the survey through July 1, 2016.  Thank you for your participation in this important initiative!  

Service Organization Control (SOC 2, SOC 3)

A compass for guidance through SOCService Organization Control Reports® are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.

Learn more about Service Organization Controls (SOC) Schools covering SOC 1, SOC 2 and SOC 3.

Visit to learn about more opportunities.

Visit the Service Organization Control page for additional information.

Trust Services/TSPC

Pen and paper to write down standards of IT Assurance

Trust Services are defined as a set of professional assurance and advisory services based on a common framework (that is, a core set of principles and criteria) to address the risks and opportunities of IT. Trust Services helps protect the public interest and builds confidence among customers of e-commerce businesses that online businesses are addressing key concerns of their customers. Trust Services Principles and Criteria are issued by the Assurance Services Executive Committee of the AICPA. 

© 2017 Association of International Certified Professional Accountants. All rights reserved.