...
Audit and Accounting Guides & Audit Risk Alerts AICPA Guide: SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy
You must log in to view this content and have a subscription package that includes this content.
Required subscriptions
- US GAAP
View all / combine content
ABSTRACTPrefaceChapter 1 — Introduction and BackgroundChapter 2 — Accepting and Planning a SOC 2 ExaminationChapter 3 — Performing the SOC 2 ExaminationChapter 4 — Forming the Opinion and Preparing the Service Auditor’s ReportAppendix A — Comparison of SOC 1, SOC 2, and SOC 3 Examinations and Related ReportsAppendix B — Comparison of SOC 2, SOC for Supply Chain, and SOC for Cybersecurity Examinations and Related ReportsAppendix CAppendix C-1 — Illustrative Management Assertion and Service Auditor’s Report for a Type 2 Examination (Carved-Out Controls of a Subservice Organization and Complementary Subservice Organization Controls and Complementary User Entity Controls)Appendix C-2 — Illustrative Service Organization and Subservice Organization Management Assertions and Service Auditor’s Report for a Type 2 Examination (Subservice Organization Presented Using the Inclusive Method and Complementary User Entity Controls)Appendix C-3 — Illustrative Service Auditor’s Report for a Type 2 Examination in Which the Service Auditor Disclaims an Opinion Because of a Scope LimitationAppendix D — Illustrative Management Assertion and Service Auditor’s Report for a Type 1 ExaminationAppendix E — Illustrative Service Auditor’s Report for a SOC 2+ ExaminationAppendix F — Illustrative Management Assertion and Service Auditor’s Report for a SOC 3 ExaminationAppendix G — Performing and Reporting in a SOC 2 Examination in Accordance With International Standards on Assurance Engagements (ISAEs) or in Accordance With Both the AICPA’s Attestation Standards and the ISAEsAppendix H — DefinitionsAppendix I — Overview of Statements on Quality Management Standards
ABSTRACTPrefaceChapter 1 — Introduction and BackgroundChapter 2 — Accepting and Planning a SOC 2 ExaminationChapter 3 — Performing the SOC 2 ExaminationChapter 4 — Forming the Opinion and Preparing the Service Auditor’s ReportAppendix A — Comparison of SOC 1, SOC 2, and SOC 3 Examinations and Related ReportsAppendix B — Comparison of SOC 2, SOC for Supply Chain, and SOC for Cybersecurity Examinations and Related ReportsAppendix CAppendix C-1 — Illustrative Management Assertion and Service Auditor’s Report for a Type 2 Examination (Carved-Out Controls of a Subservice Organization and Complementary Subservice Organization Controls and Complementary User Entity Controls)Appendix C-2 — Illustrative Service Organization and Subservice Organization Management Assertions and Service Auditor’s Report for a Type 2 Examination (Subservice Organization Presented Using the Inclusive Method and Complementary User Entity Controls)Appendix C-3 — Illustrative Service Auditor’s Report for a Type 2 Examination in Which the Service Auditor Disclaims an Opinion Because of a Scope LimitationAppendix D — Illustrative Management Assertion and Service Auditor’s Report for a Type 1 ExaminationAppendix E — Illustrative Service Auditor’s Report for a SOC 2+ ExaminationAppendix F — Illustrative Management Assertion and Service Auditor’s Report for a SOC 3 ExaminationAppendix G — Performing and Reporting in a SOC 2 Examination in Accordance With International Standards on Assurance Engagements (ISAEs) or in Accordance With Both the AICPA’s Attestation Standards and the ISAEsAppendix H — DefinitionsAppendix I — Overview of Statements on Quality Management Standards