Statements (48)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:audit |
| gptkbp:appliesTo | cloud service providers; data processors IT managed services |
| gptkbp:assesses | gptkb:security; privacy controls availability confidentiality processing integrity |
| gptkbp:basedOn | gptkb:Trust_Services_Criteria |
| gptkbp:compatibleWith | gptkb:law |
| gptkbp:doesNotCertify | gptkb:ISO_standards; compliance with laws |
| gptkbp:focusesOn | service organizations |
| gptkbp:frequency | annual |
| gptkbp:governedBy | gptkb:AICPA_standards |
| https://www.w3.org/2000/01/rdf-schema#label | SOC 2 audits |
| gptkbp:originatedIn | gptkb:United_States |
| gptkbp:performedBy | independent auditors |
| gptkbp:relatedStandard | gptkb:SOC_1; gptkb:SOC_3 |
| gptkbp:relatedTo | gptkb:AICPA |
| gptkbp:replacedBy | SAS 70 for service organizations |
| gptkbp:reportIncludes | system description; auditor's opinion results of testing tests of controls management assertion |
| gptkbp:reportsTo | not public; restricted use |
| gptkbp:requires | evidence collection; ongoing monitoring documentation of controls many SaaS providers |
| gptkbp:supports | vendor risk management; third-party assurance |
| gptkbp:type | Type I; Type II |
| gptkbp:Type_I_covers | design of controls at a point in time |
| gptkbp:Type_II_covers | operating effectiveness of controls over a period |
| gptkbp:usedBy | financial services; healthcare organizations technology companies |
| gptkbp:usedFor | building customer trust; demonstrating compliance |
| gptkbp:bfsParent | gptkb:Trust_Services_Criteria |
| gptkbp:bfsLayer | 6 |