service organization controls (SOC) reports

GPTKB entity

Statements (41)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | gptkb:audit |
| gptkbp:abbreviation | gptkb:SOC_reports |
| gptkbp:basedOn | gptkb:AICPA_Trust_Services_Criteria |
| gptkbp:developedBy | gptkb:American_Institute_of_Certified_Public_Accountants |
| gptkbp:firstIssueDate | 2011 |
| gptkbp:governedBy | gptkb:AICPA_standards |
| https://www.w3.org/2000/01/rdf-schema#label | service organization controls (SOC) reports |
| gptkbp:importantFor | outsourcing risk management |
| gptkbp:importantFor | third-party risk assessment |
| gptkbp:importantFor | vendor due diligence |
| gptkbp:relatedTo | auditors |
| gptkbp:relatedTo | customers |
| gptkbp:relatedTo | regulators |
| gptkbp:relatedTo | service organizations |
| gptkbp:relatedTo | user entities |
| gptkbp:replacedBy | SAS 70 reports |
| gptkbp:reportsTo | Type I |
| gptkbp:reportsTo | Type II |
| gptkbp:requires | some regulatory frameworks |
| gptkbp:SOC_1_audience | user auditors |
| gptkbp:SOC_1_focus | internal controls over financial reporting |
| gptkbp:SOC_1_standard | Statement on Standards for Attestation Engagements No. 18 (SSAE 18) |
| gptkbp:SOC_2_audience | user entities and stakeholders |
| gptkbp:SOC_2_criteria | gptkb:security |
| gptkbp:SOC_2_criteria | privacy |
| gptkbp:SOC_2_criteria | availability |
| gptkbp:SOC_2_criteria | confidentiality |
| gptkbp:SOC_2_criteria | processing integrity |
| gptkbp:SOC_2_focus | security, availability, processing integrity, confidentiality, privacy |
| gptkbp:SOC_2_standard | AT-C Section 205 |
| gptkbp:SOC_3_audience | general public |
| gptkbp:SOC_3_focus | publicly available summary of SOC 2 |
| gptkbp:SOC_3_standard | AT-C Section 205 |
| gptkbp:type | gptkb:SOC_1 |
| gptkbp:type | gptkb:SOC_2 |
| gptkbp:type | gptkb:SOC_3 |
| gptkbp:Type_I_description | report on suitability of design of controls at a point in time |
| gptkbp:Type_II_description | report on operating effectiveness of controls over a period of time |
| gptkbp:usedFor | assessing internal controls of service organizations |
| gptkbp:bfsParent | gptkb:SSAE_18 |
| gptkbp:bfsLayer | 6 |