SOC 2 Reports

SOC 2 Report – SOC for Service Organizations: Trust Services Criteria

The AICPA’s SOC 2 report addresses the need for information and assurance on non-financial controls. It is designed to report on controls that are relevant to the security, availability and processing integrity of the systems that organizations use to process user entities' data. It can also address the need for assurance on the confidentiality and privacy of the information processed by these systems.

SOC 2 reports contain the same report elements as SOC 1 reports but are prepared in accordance with the AT Section 101 attest standard rather than the SSAE 18 standard. Furthermore, the control objectives in a SOC 2 report are based on the AICPA and CICA’s Trust Service Principles and Criteria, previously used by the WebTrust and SysTrust certifications. Like SOC 1 reports, SOC 2 reports are available as Type 1 and Type 2 reports.

Purpose and Intended Audience

SOC 2 reports are generally restricted-use reports. They are designed for management of the organization, management of the user entities and customers of the organization, as well as suppliers, business partners and others associated with the organization. The intent of a SOC 2 report is to provide an understanding of the details of the processing and controls at an organization, with the goal of instilling confidence and gaining trust in that organization’s systems.

Types of SOC 2 Reports

There are two types of SOC 2 reports. 

REPORT TYPE

REPORT COMPONENTS

Type 1 Report

  1. Opinion on whether management’s description of the service organization’s systems is fairly presented
  2. Opinion on the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date

Type 2 Report

  1. Opinion on whether management’s description of the service organization’s systems is fairly presented
  2. Opinion on the suitability of the design of the controls to achieve the related control objectives included in the description throughout a specified period
  3. Opinion on the operating effectiveness of the controls along with a detailed description and the results of the tests performed in order to form that opinion

 

MORE INFORMATION

The practitioners at MFA are well-versed in assessing a firm’s internal controls and providing proactive guidance in this area. To learn more about our SOC 2 examinations, please contact the MFA team today.

 

 
