Our Information Technology Assurance specialists have a detailed knowledge of business operations and the technologies used.

SOC 2 - DESCRIPTION

SOC 2 reports offer service auditors and service organizations a reporting option they can use when the subject matter is not relevant to controls over ﬁnancial reporting. The SOC 2 report addresses controls at a service organization that are pertinent to the joint AICPA- Canadian Institute of Chartered Accountants (CICA) Trust Services Principles and Criteria. These Trust Services Principles include security, availability, processing integrity, conﬁdentiality and privacy. In a SOC 2 report (as with a SOC 1 report), management identiﬁes one or more Trust Services Principles (sample scope) that it believes it has achieved and the criteria upon which it will base its assertion of achievement. While SOC 2 reports are intended for user organization management, other stakeholders (e.g., business partners, customers) along with regulators knowledgeable about the subject matter and the criteria may also beneﬁt from the information contained within a SOC 2 report. The report includes many of the same elements as a SOC 1 report — speciﬁcally, the independent service auditor’s report, management's assertion letter, a description of the system, and a section containing the service auditor’s tests of the operating effectiveness of controls and the related test results (Type II report only).