service organization controls

GPTKB entity

Statements (34)
Predicate Object
gptkbp:instanceOf audit standard
gptkbp:abbreviation SOC
gptkbp:developedBy gptkb:American_Institute_of_Certified_Public_Accountants
gptkbp:focusesOn gptkb:security
privacy
availability
confidentiality
internal controls
processing integrity
https://www.w3.org/2000/01/rdf-schema#label service organization controls
gptkbp:includes gptkb:SOC_1
gptkb:SOC_2
gptkb:SOC_3
gptkbp:purpose assess controls at service organizations
gptkbp:relatedTo gptkb:SSAE_18
ISAE 3402
gptkbp:reportsTo Type I
Type 1
Type 2
Type II
gptkbp:SOC_1 focuses on financial reporting controls
used by user auditors and user entities
gptkbp:SOC_2 focuses on trust service criteria
used by management, regulators, and others
includes security, availability, processing integrity, confidentiality, privacy
gptkbp:SOC_3 focuses on trust service criteria for general use
intended for public distribution
gptkbp:usedBy auditors
service organizations
user entities
gptkbp:usedFor third-party risk management
gptkbp:bfsParent gptkb:Statement_on_Auditing_Standards_No._70
gptkb:Statement_on_Standards_for_Attestation_Engagements_(SSAE)_18
gptkbp:bfsLayer 7