Our Thoughts On

Sort by

Categories
Authors

SSAE 18/SOC

Articles 11 - 20 of 37

SOC 2 Reporting Standards Updated: Effective 12/15/2018

The AICPA recently updated the SOC 2 reporting standards to align with the COSO 2013 Internal Control Framework. The specific updates pertain to the updated

What Are Complementary Subservice Organization Controls And How Do They Impact SOC Reports?

Service organizations typically outsource functions such as data center hosting or transaction processing, to outside vendors, referred to as subservice

Postcard from the 2018 AICPA SOC for Cybersecurity Conference

I recently attended the AICPA’s SOC for Cybersecurity conference at the AICPA’s headquarters in Durham, North Carolina. The conference covered

Inclusive or Carve-Out: How Subservice Organizations Are Presented in SOC Reports

Service organizations typically use subservice organizations (i.e. third parties) to perform key controls that are necessary, in combination with the controls

Register to receive our weekly newsletter with our most recent columns and insights.

SOC Reporting: Vendor or Subservice Organization?

Many service organizations outsource functions of their business to third-party organizations (vendors). The functions performed by vendors may impact

How to Address a Modified Opinion in your SOC Report

In the event that a user obtains a System and Organization Controls (SOC) Report and sees that the service auditor has modified their opinion in some way,

What do user entities expect to be in your SOC Report?

When a service organization engages a service auditor to perform a System and Organization Controls (SOC) report examination, it is important to note that

My Client/Prospective Client Just Asked for a SOC Report. Now What Do I Do?

Does anxiety and panic set in when a client or prospect asks if you have a Systems and Organization Controls (SOC) report? Could you be in jeopardy of

Register to receive our weekly newsletter with our most recent columns and insights.

Proposed Revision of Criteria for a Description of a Service Organization's System in a SOC 2 Report

The system description of an SOC 2 report is the area in which the service organization details the system that is being assessed and the risks that are

SOC for Cybersecurity Reports: Overview and Comparison to SOC 2 Reports

The AICPA recently updated the System and Organization Controls (SOC) reporting suite of services with the releases of Statement on Standards for Attestation

Register to receive our weekly newsletter with our most recent columns and insights.