Statements (48)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:audit
|
| gptkbp:appliesTo |
cloud service providers
data processors IT managed services |
| gptkbp:assesses |
gptkb:security
privacy controls availability confidentiality processing integrity |
| gptkbp:basedOn |
gptkb:Trust_Services_Criteria
|
| gptkbp:compatibleWith |
gptkb:law
|
| gptkbp:doesNotCertify |
gptkb:ISO_standards
compliance with laws |
| gptkbp:focusesOn |
service organizations
|
| gptkbp:frequency |
annual
|
| gptkbp:governedBy |
gptkb:AICPA_standards
|
| https://www.w3.org/2000/01/rdf-schema#label |
SOC 2 audits
|
| gptkbp:originatedIn |
gptkb:United_States
|
| gptkbp:performedBy |
independent auditors
|
| gptkbp:relatedStandard |
gptkb:SOC_1
gptkb:SOC_3 |
| gptkbp:relatedTo |
gptkb:AICPA
|
| gptkbp:replacedBy |
SAS 70 for service organizations
|
| gptkbp:reportIncludes |
system description
auditor's opinion results of testing tests of controls management assertion |
| gptkbp:reportsTo |
not public
restricted use |
| gptkbp:requires |
evidence collection
ongoing monitoring documentation of controls many SaaS providers |
| gptkbp:supports |
vendor risk management
third-party assurance |
| gptkbp:type |
Type I
Type II |
| gptkbp:Type_I_covers |
design of controls at a point in time
|
| gptkbp:Type_II_covers |
operating effectiveness of controls over a period
|
| gptkbp:usedBy |
financial services
healthcare organizations technology companies |
| gptkbp:usedFor |
building customer trust
demonstrating compliance |
| gptkbp:bfsParent |
gptkb:Trust_Services_Criteria
|
| gptkbp:bfsLayer |
6
|