SOC 2 Audit Report: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
A SOC 2 audit is similar to a SOC 1 audit but focuses instead on the effectiveness of internal controls as they relate to non-financial data. This type of audit is also conducted by an independent CPA firm and results in two reports similar to those produced under a SOC 1 audit. The first report (a Type I report) reviews the effectiveness of the service organization’s internal control system and the suitability of the design of the controls as they pertain to non-financial data. The Type II report reviews the operating effectiveness of those controls.
SOC 2 Audit Reports
A SOC 2 audit report, which is delivered to the service organization, must include information related to at least one of AICPA’s trust service principles:
IT Security
Availability
Processing Integrity
Confidentiality
Privacy
The audit can examine the protection of the organization’s internal control system against unauthorized access, its availability for use as intended, assurance that the data processed by the organization is comprehensive and accurate, that it meets agreed-upon confidentiality policies, and that it meets similar privacy requirements, including those under Generally Accepted Privacy Principles.
Similar to the benefits provided by a SOC 1 audit, a SOC 2 audit delivers a competitive and marketing advantage to service organizations and increases clients' perceived trust in, and the perceived reliability of, the service organization as an effective steward of their non-financial data and transactions.