Deloitte
Accounting Research Tool
Audit and Accounting Guides & Audit Risk Alerts

AICPA Guide: SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy

  • Abstract
  • Preface
  • Chapter 1 — Introduction and Background
  • Chapter 2 — Accepting and Planning a SOC 2® Examination
  • Chapter 3 — Performing the SOC 2® Examination
  • Chapter 4 — Forming the Opinion and Preparing the Service Auditor’s Report
  • Supplement A — 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report
  • Supplement B — Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
  • Appendix A — Information for Service Organization Management
  • Appendix B — Comparison of SOC 1®, SOC 2®, and SOC 3® Examinations and Related Reports
  • Appendix C — Illustrative Comparison of a SOC 2® Examination and Related Report With the Cybersecurity Risk Management Examination and Related Report
  • Appendix D
  • Appendix D-1 — Illustrative Management Assertion and Service Auditor’s Report for a Type 2 Examination (Carved-Out Controls of a Subservice Organization and Complementary Subservice Organization and Complementary User Entity Controls)
  • Appendix D-2 — Illustrative Service Organization and Subservice Organization Management Assertions and Service Auditor’s Report for a Type 2 Examination (Subservice Organization Presented Using the Inclusive Method and Complementary User Entity Controls)
  • Appendix D-3 — Illustrative Service Auditor’s Report for a Type 2 Examination in Which the Service Auditor Disclaims an Opinion Because of a Scope Limitation
  • Appendix D-4 — Illustrative Type 2 Report (Including Management’s Assertion, Service Auditor’s Report, and the Description of the System)
  • Appendix E — Illustrative Management Assertion and Service Auditor’s Report for a Type 1 Examination
  • Appendix F — Illustrative Management Assertion and Service Auditor’s Report for a SOC 3® Examination
  • Appendix G
  • Appendix G-1 — Illustrative Management Representation Letter for Type 2 Engagement
  • Appendix G-2 — Illustrative Management Representation Letter for Type 1 Engagement
  • Appendix H — Performing and Reporting on a SOC 2® Examination in Accordance With International Standards on Assurance Engagements (ISAEs) or in Accordance With Both the AICPA’s Attestation Standards and the ISAEs
  • Appendix I — Definitions
  • Appendix J — Overview of Statements on Quality Control Standards
  • Index of Pronouncements and Other Technical Guidance
  • Subject Index