| |
|
|
SOC 2 & 3 reports are intended to meet the needs of a broad range of users that need to understand internal control at a service organization as it relates to security, availability, processing integrity, confidentiality and privacy. These reports are performed using the American Institute of Certified Public Accountants (AICPA) Guide: Reporting on Controls at a Service Organizations Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy and are intended for use by stakeholders (e.g. customers, regulators, business partners, suppliers, directors) of the service organization that have a thorough understanding of the service organization and its internal controls.
Similar to SOC 1, there are two types of reports: Type 2, report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and Type 1, report on management’s description of a service organization’s system and the suitability of the design of controls. These reports may be restricted in use.
Many entities function more efficiently and profitably by outsourcing tasks or entire functions to other organizations that have the personnel, expertise, equipment or technology to accomplish these tasks or functions. To learn more about the types of service organizations Stone Carlie provides SOC 2 & 3 reports to and why Trust Services helps differentiate entities from their competitors, please click here.
|
| |
|
|