SOC 2 Examination

SOC 2 - Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. SOC 2 examinations are designed for a broad range of users that need information and assurance about the controls at a service organization relevant to security, availability and processing integrity of the systems the service organization uses to process users' data, and the confidentiality and privacy of the information processed by these systems. Use of this report is restricted. These reports can play an important role in oversight of the organization, vendor management programs, and internal corporate governance and risk management processes.

The 2017 AICPA Trust Services Principles

The 2016 AICPA Trust Services Principles

Types of SOC 2 Engagements

  • Readiness Assessment - these reviews are designed to assist service organizations in assessing their preparedness for a SOC 2 examination. Readiness Assessments are non-attest consulting engagements designed to identify gaps in controls and advise the service organization of necessary corrective actions in preparation for the SOC examination. We work closely with the service organization to ensure mutual agreement on the applicable trust services principles and criteria, as well as the risks significant to user organizations
  • Type I - reports on fairness of the presentation of management's description of the service organization's system and the suitability of the design of the controls to meet the applicable trust services principles and criteria included in the description as of a specified date. The SOC 2, Type 1 may be beneficial for organizations that have never completed an examination, since it assesses the design of controls at a specified date.
  • Type II - reports on fairness of the presentation of management's description of the service organization's system and the suitability of the design and operating effectiveness of the controls to meet the applicable trust services principles and criteria throughout the specified period. The SOC 2, Type 2 examination is typically suggested for organizations that have been through a readiness assessment or previously completed a Type 1 examination, since it assesses both the design and operating effectiveness of controls over a period of time.
  • Additional Subject Matter - a service organization may request that the SOC report address additional subject matter that is not specifically covered by the trust services principles and criteria. Examples of such subject matter may include:
    • SOC for Service Organizations: SOC 2HITRUST
    • SOC for Service Organizations: SOC 2 CSA STAR Attestation
    • compliance with certain criteria based on regulatory requirements (i.e., HIPAA, GLBA)
    • compliance with certain criteria based on industry requirements (i.e., Payment Card Industry Data Security Standards (PCI/DSS), American Land Title Association (ALTA) title insurance and settlement company best practices)
    • compliance with performance criteria established in a service-level agreement

Click here to read about the other types of SOC examinations and the overall SOC Practice at Schneider Downs.

case studies

 
Ransomware attack halted a global manufacturer's operations.
big problem:
Ransomware attack halted a global manufacturer's operations.
big thinking:
Recover and secure the system – fast – save $1 million in ransom.
 
High tax burden for family-owned franchisor.
big problem:
High tax burden for family-owned franchisor.
big thinking:
Comprehensive planning for a 15% tax reduction.

our thoughts on

FASB Delays Leasing and Revenue Recognition for Certain Organizations in Response to COVID-19

On Wednesday, May 20, 2020, the FASB voted to delay the effective date of ASU 2016-012, Leases and ASU 2014-09, Revenues from Contracts with Customers

read more >

Application to Receive Funding for On-Road and Class 8 Fleet Vehicle Projects in Pennsylvania Now Available!

As you know from our previous articles (Volkswagen Environmental Mitigation Trust Fund), Volkswagen is obligated to fund various environmental trusts for

read more >

Financial Fitness: Setting SMART Goals

This article was originally published in Wedgewood Life magazine and is reprinted with their permission. Happy New Year! As the calendar flips and a New

read more >

Good News Regarding Excess Business Losses For Your Pass-Through Construction Business

If you own a construction business, you know all too well that one or more bad contracts can make or break the financial results for the year. If you were

read more >

Financial Fitness - Are my personal finances on the right track?

This article was originally published in Wedgewood Life magazine and is reprinted with their permission. This is a frequently asked question by my clients

read more >

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

contactsd@schneiderdowns.com
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

contactsd@schneiderdowns.com
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102