×

Publications

Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) - AICPA Guide

Publisher: AICPA
  • $69.00-$89.00
    Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) - AICPA Guide In Stock Product #: AAGSOP15P
    AICPA Member: $69.00
    Non-Member: $89.00
  • $59.00-$79.00
    Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) - AICPA Guide eBook Download Product #: AAGSOP15E
    AICPA Member: $59.00
    Non-Member: $79.00
  • $59.00-$79.00
    Reporting on Controls at a Service Organization (SOC 2) – Guide and Alert Bundle Online Access Product #: WSOC2
    AICPA Member: $59.00
    Non-Member: $79.00

AICPA Guides are developed and updated to provide guidance and discussions specific to current industry developments and trends. This guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) provides “how-to” guidance for service auditors performing examinations under AT section 101, Attest Engagements (AICPA, Professional Standards), to report on a service organization’s controls over its system relevant to security, availability, processing integrity, confidentiality, or privacy, commonly referred to as a service organization controls (SOC) 2 engagement.

Updated as of July 1, 2015, the guide includes relevant guidance contained in applicable standards and other technical sources. It explains the relationship between a service organization and its user entities, provides examples of service organizations including those that provide cloud computing services, identifies the criteria in Trust Service Principles and Criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2® report and provides an overview of the three reporting options for CPAs reporting on controls at a service organization. It describes the matters to be considered and procedures to be performed by the service auditor in planning and performing the engagement to test (1) the fairness of the presentation of management’s description of the service organization’s system; and (2) the suitability of the design and operating effectiveness of the controls included in the description. It also covers the service auditor’s responsibilities when reporting on a SOC 2 engagement.

This updated guide includes expanded practice guidance to assist the service auditor in performing a SOC 2 engagement and in understanding the service organization’s system in assessing the suitability of the design of the controls to meet the trust services criteria. It includes a comprehensive illustrative type 2 SOC 2 report which contains all of the components of a type 2 SOC 2 report. In addition, it includes expanded information on unique challenges and risks service auditors will encounter in performing SOC 2 or SOC 3® engagements for cloud computing service organizations.

Discounts

IMTA Section Members Save an Additional 10%: When you log into this website with your AICPA member user account, the section/credential discount will be automatically applied during checkout. Should you have any questions or encounter any issues, please contact the AICPA Service Center at 888-777-7077 or service@aicpa.org.
Find out more information on becoming an IMTA Section Member, click here.

Online Subscription > AICPA Online Professional Library.The online subscription option below includes content updates and unlimited online access for 1 year. AICPA Online Professional Library - your source for the latest guidance, information, and standards on a variety of accounting & auditing, industry-specific, and practice management topics. Subscribe to the product, bundle, or library that best meets your organization's needs. Click here for more information.

System Requirements

About the Publisher

AICPA

About the AICPA The American Institute of CPAs is the world’s largest member association representing the accounting profession, with more than 412,000 members in 144 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting. The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. Through a joint venture with the Chartered Institute of Management Accountants, it has established the Chartered Global Management Accountant designation, which sets a new standard for global recognition of management accounting.