service organization controls (SOC) reports
GPTKB entity
Statements (41)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:audit
|
| gptkbp:abbreviation |
gptkb:SOC_reports
|
| gptkbp:basedOn |
gptkb:AICPA_Trust_Services_Criteria
|
| gptkbp:developedBy |
gptkb:American_Institute_of_Certified_Public_Accountants
|
| gptkbp:firstIssueDate |
2011
|
| gptkbp:governedBy |
gptkb:AICPA_standards
|
| https://www.w3.org/2000/01/rdf-schema#label |
service organization controls (SOC) reports
|
| gptkbp:importantFor |
outsourcing risk management
third-party risk assessment vendor due diligence |
| gptkbp:relatedTo |
auditors
customers regulators service organizations user entities |
| gptkbp:replacedBy |
SAS 70 reports
|
| gptkbp:reportsTo |
Type I
Type II |
| gptkbp:requires |
some regulatory frameworks
|
| gptkbp:SOC_1_audience |
user auditors
|
| gptkbp:SOC_1_focus |
internal controls over financial reporting
|
| gptkbp:SOC_1_standard |
Statement on Standards for Attestation Engagements No. 18 (SSAE 18)
|
| gptkbp:SOC_2_audience |
user entities and stakeholders
|
| gptkbp:SOC_2_criteria |
gptkb:security
privacy availability confidentiality processing integrity |
| gptkbp:SOC_2_focus |
security, availability, processing integrity, confidentiality, privacy
|
| gptkbp:SOC_2_standard |
AT-C Section 205
|
| gptkbp:SOC_3_audience |
general public
|
| gptkbp:SOC_3_focus |
publicly available summary of SOC 2
|
| gptkbp:SOC_3_standard |
AT-C Section 205
|
| gptkbp:type |
gptkb:SOC_1
gptkb:SOC_2 gptkb:SOC_3 |
| gptkbp:Type_I_description |
report on suitability of design of controls at a point in time
|
| gptkbp:Type_II_description |
report on operating effectiveness of controls over a period of time
|
| gptkbp:usedFor |
assessing internal controls of service organizations
|
| gptkbp:bfsParent |
gptkb:SSAE_18
|
| gptkbp:bfsLayer |
6
|