What Will Be in My SOC 2 Report? The 7 Components to Your SOC 2 Audit

February 22, 2018
Learn more at https://kirkpatrickprice.com/video/seven-components-of-a-soc-2-report/

You’ve partnered with a third party, you’ve properly scoped your environment, you’ve conducted a SOC 2 gap analysis, you’ve remedied any non-compliant findings, you’ve worked with your auditor, you’ve completed your SOC 2 audit, and now you’re finally receiving your SOC 2 report. Congratulations! So, what’s actually included in a SOC 2 report?

1. The assertion provides a description to users of the service organization’s system controls, intended to meet the Trust Services Criteria.
2. The Independent Service Auditor’s Report provides a description of the service auditor’s examination of the suitability and effectiveness of the controls to meet the criteria.
3. The system overview provides background information on the service organization.
4. The infrastructure component provides a description of the software, people, procedures, and data.
5. The relevant aspects of controls component provides a description of the control environment, the risk assessment process, information communication systems, and monitoring of controls.
6. Complementary User-Entity Controls provides a description of how controls are implemented at the user organization.
7. The Trust Services Criteria, Related Controls, and Tests of Controls component outlines the controls in place and describes the tests of the effectiveness of the controls to meet the criteria.

A SOC 2 report provides user entities with reasonable assurance and the peace of mind that the controls at a service organization are suitably designed, in place, and appropriately protecting client data. If you have any questions about SOC 2 audits, please reach out to us today.
About Us

KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 12 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice: https://kirkpatrickprice.com/
Contact us today: 800-770-2701 https://kirkpatrickprice.com/contact/
