主要联系人: Eric M. 莱特注册会计师，ctp

SOC 2 – Report on Controls at a Service Organization Relevant to Security, 可用性, 处理完整性, 保密和/或隐私.

With SOC 2 reports, organizations decide which categories to include in the scope of the examination. This flexibility means reports are unique to each company while providing a consistent framework to evaluate whether organizations meet the criteria for the categories included in the examination. These examinations are designed for a broad range of users that need information and assurance about the controls at a service organization relevant to security, availability and processing integrity of the systems the service organization uses to process users’ data, and the confidentiality and privacy of the information processed by these systems. 这份报告的使用受到限制. These reports can play an important role in oversight of the organization, 供应商管理程序, and internal corporate governance and risk management processes.

2017年AICPA信托bet9平台游戏类别

SOC 2交战类型

准备评估 – these reviews are designed to assist service organizations in assessing their preparedness for a SOC 2 examination. 准备评估s are non-attest consulting engagements designed to identify gaps in controls and advise the service organization of necessary corrective actions in preparation for the SOC examination. We work closely with the service organization to ensure mutual agreement on the applicable trust services categories and criteria, 以及对用户组织的重大风险.

1型 – reports on fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to meet the applicable trust services categories and criteria included in the description as of a specified date. The SOC 2 1型 may be beneficial for organizations that have never completed an examination, since it assesses the design of controls at a specified date.

2型 – reports on fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to meet the applicable trust services categories and criteria throughout the specified period. The SOC 2 2型 examination is typically suggested for organizations that have been through a readiness assessment or previously completed a 1型 examination since it assesses both the design and operating effectiveness of controls over a period of time.

附加主题

A service organization may request that the SOC report address additional subject matter that is not specifically covered by the trust services categories and criteria. 此类主题的例子可包括:

• bet9平台游戏组织SOC: SOC 2 HITRUST
• bet9平台游戏机构SOC: SOC 2 CSA STAR认证
• Compliance with certain criteria based on regulatory requirements (i.e.， hipaa, glba)
• Compliance with certain criteria based on industry requirements (i.e., 支付卡行业数据安全标准(PCI/DSS), American Land Title Association (ALTA) title insurance and settlement company best practices)
• Compliance with performance criteria established in a service-level agreement

附加SOCbet9平台游戏

• SOC 1考试
• SOC 3考试
• 面向网络安全的SOC
• 供应链SOC

SOC资源

• 施耐德唐斯SOC报告手册
• 施耐德Downs SOC报告概述
• 参加我们的免费SOC评估测验
• 施耐德唐斯SOC faq
• 施耐德唐斯SOC案例研究
• 施耐德Downs SOC '我们的想法'的文章
• 美国注册会计师协会SOC报告中心

关于施耐德唐斯SOCbet9平台游戏

施耐德唐斯对SOC报告采用了独特的方法, 整合资讯科技专业知识, 内部审计和外部审计专业人员. By combining cross-disciplinary knowledge and project management expertise, we are able to effectively deliver on our clients’ expectations. If you are interested in learning how we can assist your organization, please contact us to get started or learn more about our practice at SOC.

你的组织需要一个系统和吗
组织控制(soc)报告?

做一个免费的评估测验