Exposure Draft Issued on SOC 2 Description Criteria
As a result of its decision to publish a standalone document describing a service organization’s system, the American Institute of Certified Public Accountants (“AICPA”) recently issued the exposure draft, Proposed Revision of Description Criteria for a Description of a Service Organization’s System in a SOC 2(R) Report. The proposed revision of the SOC 2 description criteria will be separate from the AICPA Guide, Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®), and codified in AICPA Professional Standards as measurement criteria. Also, additions to future Guide revisions will. Read More.
AICPA Updates the Trust Services Principles and Criteria Related to SOC 2 & 3 Audits
In February, the American Institute of Certified Public Accountants’ (“AICPA”) released an updated edition of its Trust Services Principles and Criteria (“TSP”) 2014. The TSP’s criteria is utilized by CPA firms in performing Service Organization Control (“SOC 2” or “SOC 3”) audit engagements that report on the system controls relevant to security, availability, processing integrity, confidentiality and/or privacy. The revised Trust Principles are effective for reporting periods ending or after December 15, 2014, but the AICPA is permitting early adoption. The revisions are intended to improve clarity, eliminate redundancy, and update criteria based upon changes in technology and business environments.. Read More.