Assurance and Advisory Services

SOC 2 

Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy

These reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the AICPA Guide:  Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity,  Confidentiality, or Privacy  and are intended for use by stakeholders (e.g., customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its  internal controls. These reports can form an important part of stakeholders:

  • Oversight of the organization
  • Vendor management program
  • Internal corporate governance and risk management processes
  • Regulatory oversight

Similar to  SOC 1®  engagement there are two types of report : Type 2, report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and Type 1, report on management’s description of a service organization’s system and the suitability of the design of controls.  These reports may be restricted in use.  

 

 

Open Hide documents in this section

Page  1 2 3 4 5
Showing results 1 - 15 of 67
Order by:


Assurance and Advisory

Overview Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on April 21, 2016

SOC Guides and Publications

Article Review valuable SOC guides and publications to help your professional competency and increase your value to your clients.
Published on April 11, 2016

Assurance Services Executive Committee

Article The ASEC's mission is to assure the quality, relevance, and usefulness of information or its context for decision makers and other users by identifying and prioritizing emerging trends and market needs for assurance, and developing related assurance methodology guidance and tools as needed.
Published on April 04, 2016

AICPA Service Organization Control Reports Logos

Article SOC 1, SOC 2 and SOC 3 and the associated logos are trademarks, service marks and certification marks of the American Institute of Certified Public Accountants (AICPA), which reserve
Published on April 02, 2016

SOC Logo Guidelines for Service Organizations

Terms and Conditions Before downloading the Service Organization Logo or displaying it on any website, you must read and understand these Guidelines.  Please also note that the Guidelines are subject to change by the AICPA without prior notice.  You are responsible for maintaining familiarity with the current Guidelines during the course of your
Published on April 01, 2016

SOC Logo Guidelines for CPAs

Terms and Conditions Before downloading the Service Organization Logo or displaying it on any website, you must read and understand these Guidelines.  Please also note that the Guidelines are subject to change by the AICPA without prior notice.  You are responsible for maintaining familiarity with the current Guidelines during the course of your
Published on April 01, 2016

Cybersecurity Resource Center

Tools This webpage provides details and links to valuable resources for CPAs providing cybersecurity advisory and assurance services.
Published on March 22, 2016

Audit Data Analytics

Article The AICPA’s Assurance Services Executive Committee (ASEC), has created an Emerging Assurance Technologies Task Force, which ha
Published on March 11, 2016

Audit Data Analytics Guide

Guide Replaces the current AICPA Analytical Procedures Guide, it discusses audit data analytics and provides examples of how these tools and techniques can be integrated into the audit process at a foundational level.
Published on March 11, 2016

Audit Data Standards

Article Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
Published on March 11, 2016

Users and User Entities

Article Many companies function more efficiently and profitably by outsourcing tasks or entire functions to service organizations that have the personnel, expertise, equipment, or technology to accomplish these tasks or functions. Examples of  
Published on March 04, 2016

Trust Services and Information Integrity

Article The Trust Information Integrity Task Force is focused on updating and maintaining the Trust Services Principles and Criteria (TSPC) and creating a framework of principles and criteria to provide assurance on the integrity of information. The task force is also developing a Audit Guide on reporting on controls relevant to the security, availability,
Published on February 23, 2016

Sample of HITRUST CSF Certification Report

Sample Report This document illustrates a sample of HITRUST CSF Certification Report and is provided for use by HITRUST.
Published on December 01, 2015

SOC 2 Additional Subject Matter

Article Learn about additional considerations when a service organization requests that the service auditor’s report address either criteria in addition to the applicable trust services criteria or additional subject matter related to the service organization’s services using additional suitable criteria related to that subject matter, or both.
Published on November 30, 2015

SOC 2 HITRUST Illustrative Report

Article The AICPA has developed an illustrative report to assist CPAs in reporting on the fairness of the presentation of a description of a service organization’s system relevant to security, availability and confidentiality, and the suitability of the design and operating effectiveness of controls.
Published on November 30, 2015

Page  1 2 3 4 5
Showing results 1 – 15 of 67
Show Results per page
Copyright © 2006-2016 American Institute of CPAs.