SOC 2 Audit Report: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
A SOC 2 audit is similar to a SOC 1 audit but focuses instead on the effectiveness of internal controls as they relate to non-financial data. This type of audit is also conducted by an independent CPA firm and results in two reports similar to those produced under a SOC 1 audit. The first report (a Type I report) reviews the effectiveness of the service organization’s internal control system and the suitability of the design of the controls as they pertain to non-financial data. The second (a Type II report) reviews the operating effectiveness of those controls.
SOC 2 Audit Reports
A SOC 2 audit report, which is delivered to the service organization, must include information related to at least one of the AICPA’s trust service principles:
IT security
Availability
Processing Integrity
Confidentiality
Privacy
The audit can examine whether the organization’s internal control system is protected against unauthorized access, whether it is available for use as intended, whether the data processed by the organization is comprehensive and accurate, and whether it meets agreed-upon confidentiality policies and similar privacy requirements, including those under Generally Accepted Privacy Principles.
Similar to the benefits provided by a SOC 1 audit, a SOC 2 audit delivers a competitive and marketing advantage to service organizations and increases clients' trust that the service group can be relied on as an effective steward of its non-financial data and transactions.