SOC for Service Organizations

SOC for Service Organizations Resources

Mapping of the 2017 Trust Services Criteria to Extant 2016 Trust Services Principles and Criteria

Illustrative Management Assertion and Service Auditor's Report for a Type 2 Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity and Confidentiality
This illustrative tool is intended as an example of management’s assertion and a service auditor’s report in a SOC 2 Type 2 engagement under the clarified Attestation Standards. It is an interim tool for use by practitioners while the SOC 2 guide is under revision and is subject to change in the final version of the guide that is scheduled for publication late 2017.

 SOC 2® + Additional Subject Matter

 Learn about additional considerations when a service organization requests that the service auditor’s report address either criteria in addition to the applicable trust services criteria or additional subject matter related to the service organization’s services using additional suitable criteria related to that subject matter, or both. This section also includes information about the following service offerings:

  • SOC for Service Organizations: SOC 2® HITRUST
  • SOC for Service Organizations: SOC 2® CSA STAR Attestation

SOC for Service Organizations Reports, Logos, Toolkits, Peer Review Requirements, and Other Related Information