SOC 2 audits

GPTKB entity

Statements (48)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:audit |
| gptkbp:appliesTo | cloud service providers; data processors; IT managed services |
| gptkbp:assesses | gptkb:security; privacy; controls; availability; confidentiality; processing integrity |
| gptkbp:basedOn | gptkb:Trust_Services_Criteria |
| gptkbp:compatibleWith | gptkb:law |
| gptkbp:doesNotCertify | gptkb:ISO_standards; compliance with laws |
| gptkbp:focusesOn | service organizations |
| gptkbp:frequency | annual |
| gptkbp:governedBy | gptkb:AICPA_standards |
| https://www.w3.org/2000/01/rdf-schema#label | SOC 2 audits |
| gptkbp:originatedIn | gptkb:United_States |
| gptkbp:performedBy | independent auditors |
| gptkbp:relatedStandard | gptkb:SOC_1; gptkb:SOC_3 |
| gptkbp:relatedTo | gptkb:AICPA |
| gptkbp:replacedBy | SAS 70 for service organizations |
| gptkbp:reportIncludes | system description; auditor's opinion; results of testing; tests of controls; management assertion |
| gptkbp:reportsTo | not public; restricted use |
| gptkbp:requires | evidence collection; ongoing monitoring; documentation of controls; many SaaS providers |
| gptkbp:supports | vendor risk management; third-party assurance |
| gptkbp:type | Type I; Type II |
| gptkbp:Type_I_covers | design of controls at a point in time |
| gptkbp:Type_II_covers | operating effectiveness of controls over a period |
| gptkbp:usedBy | financial services; healthcare organizations; technology companies |
| gptkbp:usedFor | building customer trust; demonstrating compliance |
| gptkbp:bfsParent | gptkb:Trust_Services_Criteria |
| gptkbp:bfsLayer | 6 |