Inclusive or Carve-Out: How Subservice Organizations Are Presented in SOC Reports
Service organizations typically use subservice organizations (i.e. third parties) to perform key controls that are necessary, in combination with the controls
How to Address a Modified Opinion in your SOC Report
In the event that a user obtains a System and Organization Controls (SOC) Report and sees that the service auditor has modified their opinion in some way,
What do user entities expect to be in your SOC Report?
When a service organization engages a service auditor to perform a System and Organization Controls (SOC) report examination, it is important to note that
Proposed Revision of Criteria for a Description of a Service Organization's System in a SOC 2 Report
The system description of an SOC 2 report is the area in which the service organization details the system that is being assessed and the risks that are
SOC for Cybersecurity Reports: Overview and Comparison to SOC 2 Reports
The AICPA recently updated the System and Organization Controls (SOC) reporting suite of services with the releases of Statement on Standards for Attestation
AICPA SSAE 18 - Does Your Service Organization Effectively Assess the Controls Residing at its Subservice Organizations?
Many service organizations (e.g., payroll processors, data centers, facilities management companies), for reasons similar to why their clients contract
SSAE 18 - It's Almost Here...What Are the SOC Reporting Implications?
In April 2016, the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB) issued the Statement on Standards for Attestation
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.