SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy
Gain an up-to-date, holistic understanding of SOC 2 and SOC 3 examination engagements. This guide will help you understand What goes into planning, performing and reporting on SOC 2 and SOC 3 engagements.

If you are purchasing a product in one of the following formats, please check the system requirements below:

Online Professional Library
The AICPA Online Professional Library will operate in a variety of configurations, but only the configuration described below is supported by our technicians:

  • Windows 7+ (Latest Microsoft Edge, Internet Explorer, Firefox or Chrome)

eBooks through VitalSource®

Operating Systems:

  • Windows 7/8/8.1/10 (32/64 bit)
  • Mac (OS X 10.9 or later)


  • Chrome (stable channel)
  • Firefox (release channel)
  • Safari 9+
  • Internet Explorer 11+
  • Microsoft Edge
  • Mobile Safari 9+
  • Chrome for Android (stable channel)


  • iPhone (iOS 10 or later)
  • iPad (iOS 10 or later)
  • Android Smartphone 5.0 or later
  • Android Tablet (Android OS 5.0 or later)
  • Kindle Fire (OS 5 or later)

VitalSource supports the current browser version.

Other Software Needs
To access your Interactive eBook on your tablet, desktop or mobile device, download the appropriate VitalSource Bookshelf app. Downloading this product will require an account with the third-party vendor and your data will be treated according to the vendor’s terms and conditions.


  • eBooks are intended for a single user only.
  • eBooks are accessible immediately after completing your purchase. Access to the link on the AICPA Store expires one year from the purchase date. You must create a VitalSource account before this time elapses in order to have continued access.
  • This product is refundable within 14 days of your purchase date if no more than 20% of the content was accessed.

Read our eBook Tutorial and see our FAQ for more information.


  • Adobe® Acrobat® Reader 8 or higher
Product details

Learn to effectively perform SOC 2 and SOC 3® examination engagements

Key Topics

  • Requirements and guidance in SSAE No. 18
  • How to efficiently plan, perform and report on SOC 2 and SOC 3 engagements
  • How to describe a matter giving rise to a modified opinion
  • Organize and draft relevant sections of a type 1 SOC 2 report and SOC 3 report
  • Develop management representation letters for SOC 2 and SOC 3 engagements
  • Apply the 2017 trust services criteria in SOC 2 and SOC 3 examinations
  • Apply the 2018 description criteria in SOC 2 examinations

Who Will Benefit?

  • Practitioners performing SOC 2 and SOC 3 engagements
  • Managers of service organizations that have SOC 2 and SOC 3 engagements being performed
  • SOC 2 and SOC 3 report readers

Updated as of January 1, 2018, this guide is the industry standard resource that will help you understand the issues in reporting on an examination of Service Organization Controls.
You'll also learn:

  • The difference between a type 1 and type 2 SOC 2 report
  • What goes into planning, performing and reporting on SOC 2 and SOC 3 engagements
  • Examples of service organizations
  • How to prepare the description of the service organization's system

See what's new

You'll want to have this this guide available as a resource that:

  • Has been fully updated and formatted to reflect lessons learned in practice for SSAE No. 18 (clarified attestation standards).
  • Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements.
  • Includes illustrative report paragraphs describing many different types of report modifications.
  • Includes a new appendix for performing and reporting on a SOC 2 examination.
Content preview


Ratings and reviews

American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

Member Quantity:
Nonmember Quantity:
Estimated total:
Add to cart
Back to Top