service organization controls (SOC) reports
GPTKB entity
Statements (41)
Predicate | Object |
---|---|
gptkbp:instanceOf |
gptkb:audit
|
gptkbp:abbreviation |
gptkb:SOC_reports
|
gptkbp:basedOn |
gptkb:AICPA_Trust_Services_Criteria
|
gptkbp:developedBy |
gptkb:American_Institute_of_Certified_Public_Accountants
|
gptkbp:firstIssueDate |
2011
|
gptkbp:governedBy |
gptkb:AICPA_standards
|
https://www.w3.org/2000/01/rdf-schema#label |
service organization controls (SOC) reports
|
gptkbp:importantFor |
outsourcing risk management
third-party risk assessment vendor due diligence |
gptkbp:relatedTo |
auditors
customers regulators service organizations user entities |
gptkbp:replacedBy |
SAS 70 reports
|
gptkbp:reportsTo |
Type I
Type II |
gptkbp:requires |
some regulatory frameworks
|
gptkbp:SOC_1_audience |
user auditors
|
gptkbp:SOC_1_focus |
internal controls over financial reporting
|
gptkbp:SOC_1_standard |
Statement on Standards for Attestation Engagements No. 18 (SSAE 18)
|
gptkbp:SOC_2_audience |
user entities and stakeholders
|
gptkbp:SOC_2_criteria |
gptkb:security
privacy availability confidentiality processing integrity |
gptkbp:SOC_2_focus |
security, availability, processing integrity, confidentiality, privacy
|
gptkbp:SOC_2_standard |
AT-C Section 205
|
gptkbp:SOC_3_audience |
general public
|
gptkbp:SOC_3_focus |
publicly available summary of SOC 2
|
gptkbp:SOC_3_standard |
AT-C Section 205
|
gptkbp:type |
gptkb:SOC_1
gptkb:SOC_2 gptkb:SOC_3 |
gptkbp:Type_I_description |
report on suitability of design of controls at a point in time
|
gptkbp:Type_II_description |
report on operating effectiveness of controls over a period of time
|
gptkbp:usedFor |
assessing internal controls of service organizations
|
gptkbp:bfsParent |
gptkb:SSAE_18
|
gptkbp:bfsLayer |
6
|