Assurance and Advisory Services

SOC 2® - SOC for Service Organizations: Trust Services Criteria  

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:

  • Oversight of the organization
  • Vendor management programs
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Similar to a SOC 1 report, there are two types of reports: a type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports is restricted.



Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program

Guidance Description criteria used by management in designing and describing their cybersecurity risk management program, and by CPAs to report on management's description
Published on April 24, 2017

Illustrative Cybersecurity Risk Management Report

Sample Report This document provides an illustrative example of an entity's cybersecurity risk management report related to its SOC for Cybersecurity engagement.
Published on April 24, 2017

SOC for Cybersecurity Information for Entity Management

Guidance Provides guidance to assist management of organizations with understanding (1) the cybersecurity risk management examination that can be performed by a CPA (practitioner) in connection with certain entity-prepared cybersecurity information and (2) management's responsibilities in connection with that engagement.
Published on April 24, 2017

SOC for Cybersecurity Backgrounder

Overview This document provides background information about the SOC for Cybersecurity engagement and related approach.
Published on April 24, 2017

Mapping of the 2017 Trust Services Criteria to Extant 2016 Trust Services Principles and Criteria

Framework This tool demonstrates how the control criteria in the 2016 version of the Trust Services Criteria map to the revised control criteria in the 2017 Trust Services Criteria.
Published on April 24, 2017

Cybersecurity Risk Management Reporting Fact Sheet

Tools This fact sheet provides an overview of the new AICPA cybersecurity risk management reporting framework.
Published on April 24, 2017

Illustrative Comparison of the Cybersecurity Risk Management Examination with a SOC 2 Examination and Related Reports

Tools This illustrative tool highlights the key distinctions between a cybersecurity risk management examination and a SOC 2 examination and the related reports.
Published on April 24, 2017

SOC 1 - SOC for Service Organizations ICFR

Article Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (ICFR) These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relev
Published on April 24, 2017

Assurance and Advisory

Overview Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on April 24, 2017

SOC 3 SOC for Service Organizations Trust Services Criteria for General Use Report

Article Trust Services Report for Service Organizations These reports are designed to meet the needs of users who need assurance about the controls at a service organization relevant to security, availability, processing integrity confi
Published on April 24, 2017

SOC for Service Organizations Information for CPAs

Overview SOC for Service Organizations includes 3 different examination engagements (SOC 1®, SOC 2® and SOC 3®) that involve reporting on controls at a service organization.
Published on April 24, 2017

SOC for Service Organizations Logos

Article SOC 1, SOC 2 and SOC 3 and the associated logos are trademarks, service marks and certification marks of the American Institute of Certified Public Accountants (AICPA), which
Published on April 24, 2017

SOC for Service Organizations Information for Users and User Entities

Article Many companies function more efficiently and profitably by outsourcing tasks or entire functions to service organizations that have the personnel, expertise, equipment, or technology to accomplish these tasks or functi
Published on April 24, 2017

SOC for Service Organizations Information for Service Organizations

Overview SOC for Service Organizations reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to
Published on April 24, 2017

SOC for Cybersecurity Information for CPAs

Article Cybersecurity threats are on the rise, challenging organizations of all sizes—whether public or private. Boards
Published on April 24, 2017

Copyright © 2006-2017 American Institute of CPAs.