SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy
Gain an up-to-date, holistic understanding of SOC 2 and SOC 3 examination engagements. This guide will help you understand What goes into planning, performing and reporting on SOC 2 and SOC 3 engagements.

If you are purchasing a product in one of the following formats, please check the system requirements below:

Online Professional Library
The AICPA Online Professional Library will operate in a variety of configurations, but only the configuration described below is supported by our technicians:

  • Windows 7+ (Latest Microsoft Edge, Internet Explorer, Firefox or Chrome)


Minimum system requirements are:

  • Internet access
  • Adobe ID
  • Adobe® Digital Editions (ADE) is a free program that lets you read eBooks on a PC, Mac, and any supported smartphone or tablet. You MUST download and login to ADE in order to view an AICPA eBook. AICPA eBooks are best viewed when using ADE 3 for PC and ADE 4 for Mac.
  • For mobile access to eBooks, download the free Bluefire Reader app for Apple (iOS) and Android phones and tablets.


  • eBooks are intended for a single user only.
  • An eBook is a downloadable file that will be accessible immediately after completing your purchase. Access to the download link expires 180 days from the purchase date so you must download the file before this time elapses.
  • This product is refundable within 10 days of your purchase date.

Read the AICPA eBook Tutorial and see our FAQ for more information.


  • Adobe® Acrobat® Reader 8 or higher
Product details

Learn to effectively perform SOC 2 and SOC 3® examination engagements

Key Topics

  • Requirements and guidance in SSAE No. 18
  • How to efficiently plan, perform and report on SOC 2 and SOC 3 engagements
  • How to describe a matter giving rise to a modified opinion
  • Organize and draft relevant sections of a type 1 SOC 2 report and SOC 3 report
  • Develop management representation letters for SOC 2 and SOC 3 engagements
  • Apply the 2017 trust services criteria in SOC 2 and SOC 3 examinations
  • Apply the 2018 description criteria in SOC 2 examinations

Who Will Benefit?

  • Practitioners performing SOC 2 and SOC 3 engagements
  • Managers of service organizations that have SOC 2 and SOC 3 engagements being performed
  • SOC 2 and SOC 3 report readers

Updated as of January 1, 2018, this guide is the industry standard resource that will help you understand the issues in reporting on an examination of Service Organization Controls.
You'll also learn:

  • The difference between a type 1 and type 2 SOC 2 report
  • What goes into planning, performing and reporting on SOC 2 and SOC 3 engagements
  • Examples of service organizations
  • How to prepare the description of the service organization's system

See what's new

You'll want to have this this guide available as a resource that:

  • Has been fully updated and formatted to reflect lessons learned in practice for SSAE No. 18 (clarified attestation standards).
  • Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements.
  • Includes illustrative report paragraphs describing many different types of report modifications.
  • Includes a new appendix for performing and reporting on a SOC 2 examination.
Content preview


Ratings and reviews

American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

Member Quantity:
Nonmember Quantity:
Estimated total:
Add to cart
Back to Top