Read more about the current Greenbook proposals. ...
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.
To comply with the System and Organization Controls (SOC) 2 reporting requirements, auditors must evaluate whether controls at the service organization meet the applicable trust services criteria (TSC), which can relate to a broad range of systems. As defined by the American Institute of Certified Public Accountants (AICPA), the TSC include five categories.
The AICPA requires the application of the TSC for every SOC 2 engagement. Since security is a common component of each of the five categories, a SOC 2 engagement must cover security as a minimum requirement. These security requirements are also referred to as the common criteria and are applicable to all SOC 2 examinations.
Organizations can exercise discretion regarding which of the remaining categories they apply. The application of availability, processing integrity, confidentiality, and privacy depends on:
With certain exceptions, such as an engagement with a limited scope or the non-applicability of certain criteria, every criterion should be analyzed and included in the report. Regardless of the categories included within the scope of the examination, SOC 2 reports are restricted use reports, meaning that only the organization, its customers, and certain other parties should use them.
Schneider Downs employs a unique approach to SOC reports, integrating the expertise of information technology, internal audit, and external audit professionals. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started or learn more about our practice at www.schneiderdowns.com/soc.
Read more about the current Greenbook proposals. ...
Learn more about the regional and national supply chain implications of the Baltimore Key Bridge collapse. ...
We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.
Ask us
[email protected]
p:412.261.3644
f:412.261.4876
[email protected]
p:614.621.4060
f:614.621.4062
[email protected]
p:571.380.9003