AICPA's Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (control criteria) guideline is intended for use by CPA's to provide advisory or attestation services to evaluate the controls within an entity’s cyber risk management program. Management teams can also use the trust services criteria to evaluate the suitability of design and operating effectiveness of controls. There are two types of SOC 2 reports for organisations. Type 2 report covers management’s description of a service organisation’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report covers management’s description of a service organization’s system and the suitability of the design of controls.
5 broad categories, 12 sections, 61 subsections, 296 criteria
For businesses who need to provide third parties with a independent audit report that has evaluated the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.
Yes, authorised auditors can audit an organisation against this standard using the AICPA Attestation Guide Reporting on an Entity’s Cybersecurity Risk Management Program and Controls
Independent CPAs under AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements (AICPA, Professional Standards)
American Institute of Certified Public Accountants, Inc. (AICPA)
Discover the exceptional world of InfoSecAssure - your ultimate platform for achieving unparalleled business excellence! We offer an exclusive guided process designed to seamlessly assess your business against the coveted SOC2 requirements. Experience a personalised journey with expert assistance at every step, empowering you to access invaluable information on control requirements, testing procedures, and even the precise evidence auditors seek. With just a click, witness the magic unfold as outcomes are instantly showcased on a dynamic dashboard. But that's not all – brace yourself for the added advantage of creating meticulously detailed reports, effortlessly aligning findings to risks and controls. Elevate your security standards and join the InfoSecAssure revolution today! Sign up now for a secure future!
Book a free demonstration or talk to one of our team today to uncover how we can help ensure you align to standards while also understanding your risks and knowing what action to take to keep your business secure.