Learn to effectively perform SOC 2 and SOC 3®
- Requirements and guidance in SSAE No. 18
- How to efficiently plan, perform and report on SOC 2 and SOC 3 engagements
- How to describe a matter giving rise to a modified opinion
- Organize and draft relevant sections of a type 1 SOC 2 report and SOC 3 report
- Develop management representation letters for SOC 2 and SOC 3 engagements
- Apply the 2017 trust services criteria in SOC 2 and SOC 3 examinations
- Apply the 2018 description criteria in SOC 2 examinations
Who Will Benefit?
- Practitioners performing SOC 2 and SOC 3 engagements
- Managers of service organizations that have SOC 2 and SOC 3 engagements being performed
- SOC 2 and SOC 3 report readers
Updated as of January 1, 2018, this guide is the industry standard resource that will help you understand the issues in reporting on an examination of Service Organization Controls.
You'll also learn:
- The difference between a type 1 and type 2 SOC 2 report
- What goes into planning, performing and reporting on SOC 2 and SOC 3 engagements
- Examples of service organizations
- How to prepare the description of the service organization's system
See what's new
You'll want to have this this guide available as a resource that:
- Has been fully updated and formatted to reflect lessons learned in practice for SSAE No. 18 (clarified attestation standards).
- Contains insight from expert authors on the SOC 2 working group composed of CPAs who perform SOC 2 and SOC 3 engagements.
- Includes illustrative report paragraphs describing many different types of report modifications.
- Includes a new appendix for performing and reporting on a SOC 2 examination.