Appendix D: AICPA SOC References and Resources

Service Organization Control Reports

(www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/sorhome.aspx)

Overview: Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.

SOC Reports Information for Service Organizations

(www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/serviceorganization’smanagement.aspx)

Overview: SOC reports are designed to help service organizations, which are organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent CPA. Each type of SOC report is designed to help service organizations meet specific user needs.

SOC Reports Information for CPAs

(www.aicpa.org/interestareas/frc/assuranceadvisoryservices/pages/cpas.aspx)

Overview: To make CPAs aware of the various standards available to them for examining and reporting on controls at a service organization and to help CPAs select the appropriate standard for a particular engagement, the AICPA has introduced Service Organization ControlSM Reports and identified 3 different engagements (SOC 1, SOC 2, and SOC 3) that involve reporting on controls at a service organization. The following table identifies ...

Get 10 Steps to a Digital Practice in the Cloud, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.