Guide. SOC 2 Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. AICPA

  • ID: 4495060
  • Book
  • 496 Pages
  • John Wiley and Sons Ltd
Updated as of January 1, 2018, this guide includes relevant guidance contained in applicable standards and other technical sources. It explains the relationship between a service organization and its user entities, provides examples of service organizations, describes the description criteria to be used to prepare the description of the service organization's system, identifies the trust services criteria as the criteria to be used to evaluate the design and operating effectiveness of controls, explains the difference between a type 1 and type 2 SOC 2 report, and provides illustrative reports for CPAs engaged to examine and report on system and organization controls at a service organization. It also describes the matters to be considered and procedures to be performed by the service auditor in planning, performing, and reporting on SOC 2 and SOC 3 engagements.

New to this edition are:
  • Updated for SSAE No. 18 (clarified attestation standards), this guide has been fully conformed to reflect lessons learned in practice
  • Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements
  • Includes illustrative report paragraphs describing the matter that gave rise to the report modification for a large variety of situations
  • Includes a new appendix for performing and reporting on a SOC 2 examination in accordance with International Standards on Assurance Engagements (ISAEs) or in accordance with both the AICPA's attestation standards and the ISAEs

AICPA