Statements (55)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:audit
|
| gptkbp:developedBy |
gptkb:AICPA
|
| gptkbp:frequency |
typically annual
|
| https://www.w3.org/2000/01/rdf-schema#label |
SOC reports
|
| gptkbp:importantFor |
healthcare organizations
financial institutions technology companies cloud service providers service organizations outsourcing companies |
| gptkbp:issuedBy |
independent CPA firms
|
| gptkbp:regulates |
gptkb:AICPA_standards
|
| gptkbp:relatedTo |
risk management
compliance internal controls third-party assurance |
| gptkbp:SOC_1_audience |
user auditors and user entities
|
| gptkbp:SOC_1_focus |
financial reporting controls
|
| gptkbp:SOC_1_purpose |
report on controls relevant to user entities’ financial reporting
|
| gptkbp:SOC_1_standard |
gptkb:SSAE_18
|
| gptkbp:SOC_1_types |
Type I
Type II |
| gptkbp:SOC_2_audience |
management, regulators, and other specified parties
|
| gptkbp:SOC_2_criteria |
gptkb:security
privacy availability confidentiality processing integrity |
| gptkbp:SOC_2_focus |
IT and data controls
|
| gptkbp:SOC_2_purpose |
report on controls relevant to security, availability, processing integrity, confidentiality, or privacy
|
| gptkbp:SOC_2_standard |
gptkb:Trust_Services_Criteria
|
| gptkbp:SOC_2_trust_services_categories |
gptkb:security
privacy availability confidentiality processing integrity |
| gptkbp:SOC_2_types |
Type I
Type II |
| gptkbp:SOC_3_audience |
general public
|
| gptkbp:SOC_3_focus |
public assurance of controls
|
| gptkbp:SOC_3_purpose |
general use report on controls for public distribution
|
| gptkbp:SOC_3_standard |
gptkb:Trust_Services_Criteria
|
| gptkbp:SOC_for_Cybersecurity_focus |
enterprise-wide cybersecurity risk management
|
| gptkbp:SOC_for_Supply_Chain_focus |
supply chain risk management
|
| gptkbp:standsFor |
System and Organization Controls reports
|
| gptkbp:type |
gptkb:SOC_1
gptkb:SOC_2 gptkb:SOC_3 SOC for Cybersecurity SOC for Supply Chain |
| gptkbp:Type_I_definition |
report on suitability of design of controls at a point in time
|
| gptkbp:Type_II_definition |
report on operating effectiveness of controls over a period of time
|
| gptkbp:usedFor |
assessing controls at service organizations
|
| gptkbp:bfsParent |
gptkb:SOC_1_compliance
|
| gptkbp:bfsLayer |
6
|