Appendix D: AICPA SOC References and Resources
Service Organization Control Reports
Overview: Service Organization Control (SOC) reports are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address the risks associated with an outsourced service.
SOC Reports Information for Service Organizations
Overview: SOC reports are designed to help service organizations, which are organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent CPA. Each type of SOC report is designed to help service organizations meet specific user needs.
SOC Reports Information for CPAs
Overview: To make CPAs aware of the various standards available to them for examining and reporting on controls at a service organization and to help CPAs select the appropriate standard for a particular engagement, the AICPA has introduced Service Organization ControlSM Reports and identified 3 different engagements (SOC 1, SOC 2, and SOC 3) that involve reporting on controls at a service organization. The following table identifies ...