AICPA Updates SOC 2 Guide and Issues Description Criteria
Earlier this month, the American Institute of Certified Public Accountants (“AICPA”) announced the issuance of its revised SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The updated SOC 2 guide features insights from Certified Public Accountants (“CPAs”) who perform such engagements. CPAs must apply the updated guidance to SOC 2 reports distributed for reporting periods ending on or after December 16, 2018, with earlier adoption permitted. The AICPA has also issued the following professional standards related to the description criteria (“DC”) for SOC 2 reports: Description Criteria Section 200, Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report. The 2018 description criteria. Read More.
Exposure Draft Issued on SOC 2 Description Criteria
As a result of its decision to publish a standalone document describing a service organization’s system, the American Institute of Certified Public Accountants (“AICPA”) recently issued the exposure draft, Proposed Revision of Description Criteria for a Description of a Service Organization’s System in a SOC 2® Report. The proposed revision of the SOC 2 description criteria will be separate from the AICPA Guide, Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®), and codified in AICPA Professional Standards as measurement criteria. Also, additions to future Guide revisions will. Read More.
AICPA Updates the Trust Services Principles and Criteria Related to SOC 2 & 3 Audits
In February, the American Institute of Certified Public Accountants (“AICPA”) released an updated edition of its Trust Services Principles and Criteria (“TSP”) 2014. The TSP’s criteria are utilized by CPA firms in performing Service Organization Control (“SOC 2” or “SOC 3”) audit engagements that report on the system controls relevant to security, availability, processing integrity, confidentiality and/or privacy. The revised Trust Principles are effective for reporting periods ending on or after December 15, 2014, but the AICPA is permitting early adoption. The revisions are intended to improve clarity, eliminate redundancy, and update criteria based upon changes in technology and business environments. Read More.