SOC 2 Compliance

AICPA Trust Service Principles must be included in a SOC 2 report.


Services category: IT Compliance and Privacy


Receiving a SOC 2/AT-C 105 and 205 report provides clients assurance regarding a service organization’s controls that impact the clients’ internal controls over financial reporting.


The Common Criteria/Security category of the AICPA Trust Service Principles must be included in a SOC 2 report; additional criteria are available.

  • Common Criteria/Security – The system is protected against unauthorized access, physically and logically
  • Availability – The system is available for operation and use as committed to or agreed
  • Confidentiality – Information designated as confidential is protected as committed to or agreed
  • Processing Integrity – System processing is complete, accurate, timely, and authorized
  • Privacy – Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with the criteria set forth in GAPP (Generally Accepted Privacy Principles).

Two types of SOC 2 reports exist:

  • Type I: Test of Control Design Effectiveness (A period of time).
  • Type II: Test of Control Operating Effectiveness (During a period of time of effectiveness).

What Does Elevate Think?

Often, clients call Type I the policy documentation and Type II the testing phase. Although this is accurate, Type I is more than that: it includes an assessment of the design and implementation of controls, which requires audit artifacts beyond policies and procedures (e.g., Risk Assessment, Pen Testing, Sample of 1, etc.). Elevate helps you navigate the difference and determine the best approach to achieve compliance.

Good to know: Elevate can help you navigate the process to determine what is the best approach to achieve compliance.


This service article was last updated on August 5, 2022
Contact Elevate today to learn more about SOC 2 Compliance

Elevate // +1 (888) 601-5351 // Monday to Friday 9am-6pm