2015 AICPA SOC School

The American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) School - Advanced Guidance for Successful Engagements was recently held in Durham, NC.  The audience was diverse and included representatives from public accounting firms and other organizations vested in service organization control reporting (third-party service providers, users of the reports, consultants, etc.) from throughout the United States.

The discussions over a three-day period focused on the purpose and means of conducting effective SOC engagements (i.e., SOC 1, 2 and 3), and specifically targeted engagement planning, execution and reporting.  In addition, other areas covered included best practices for completing examinations and in-depth review of the trust service principles and respective criteria specific to SOC 2 and 3. The training sessions reinforced the key concepts and requirements for conducting and completing successful examinations.

SOC 2+ Reports

A trend that is growing in popularity in the SOC 2 community, especially for those organizations providing outsourced technology services, is the SOC 2+ report.  A  SOC 2+ report is the review of one to five of the trust service principles (i.e., criteria common to all / security, availability, processing integrity, confidentiality, and privacy) in combination with additional subject matter related to the service organization’s services using additional suitable criteria related to that subject matter.  Examples of additional suitable criteria include criteria established by the Cloud Security Alliance (CSA), requirements in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the standards within the National Institute of Standards and Technology (NIST) Cybersecurity framework and the HITRUST Common Security Framework.  The ability to include additional criteria within the scope of a SOC 2 engagement both promotes greater efficiencies in the conduct of multiple examinations at a single organization and reduces the number of reports published for use by clients and other users of the reported results.

It was also reported that the AICPA will be releasing new SOC 2 guidance in fourth quarter 2015; a critical change will be the update and inclusion of the new privacy principle and its criteria in the guidance. 

Schneider Downs’ participation at the annual AICPA SOC School and other SOC professional forums is a demonstration of our firm’s commitment to remaining on the leading edge of SOC practices and ensuring that our team applies techniques that adhere to AICPA standards.  This commitment ensures that our clients’ examinations are conducted effectively and in accordance with current authoritative guidance aligned with leading practices.

Contact us with questions regarding SOC engagements and visit our SOC examination services page to learn about the services that the Schneider Downs Audit and Assurance Advisors offer.


You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on

Large Declines Expected for 2020 PA Impact Fee Collections
Audit BY Alexander Smith
PCAOB Critical Audit Matter Interim Report (Release No. 2020-002)
SOC, SOC 2 BY Rick Stevenson
How to Review a Vendor’s SOC Report
The CPA Evolution
Reflections from the Recent Employee Benefit Plan Season
OMB Issues Final 2020 Compliance Supplement

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222

p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215

p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102