Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
➤ Gửi thông báo lỗi ⚠️ Báo cáo tài liệu vi phạmNội dung chi tiết: Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
https: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityocessing Integrity, Confidentiality, or PrivacySOC2”January 1.2018https://khothuvien.cori!Copyright © 2018 byAmerican Institute of Certified Public Accountants. All rights reserved.For information about the procedure for requesting permission to make copies of any pail of this work, please email cop Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityyright @aicpa.oig with your request. Otherwise, requests should be written and mailed to Permissions Department, 220 Leigh Fann Road, Durham, NC 27707Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
-8110.1 2 3 4 5 6 7 8 9 0 AAP 1 9 8ISBN978-1-94549-860-2 (print)IIIPreface(Updated as of January 1, 2018)About AICPA GuidesTills AICPA Guide, soc 2® Rhttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability, has been developed by members of the AICPA Assurance Services Executive Committee's (ASEC's) soc 2® Working Group, in conjunction with members of the Auditing Standards Board (ASB), to assist practitioners engaged to examine and report on a sendee organization's controls over its system relevant t Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityo security, availability, processing integrity, confidentiality, or privacy.This AICPA Guide includes certain content presented as "Supplement" or "ApGuide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
pendix." A supplement is a reproduction, in whole or in part, of authoritative guidance originally issued by a standard-setting body < including regulhttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityapplicable AICPA Guide. Appendixes are included for informational purposes and have no authoritative status.An AICPA Guide containing attestation guidance is recognized as an interpretive publication as described in AT-C section 105, Concepts Common to Al I Attestation Engagements' Interpretative pu Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityblications are recommendations on the application of Statements on Standards for Attestation Engagements (SSAEs) in specific circumstances, includingGuide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
engagements for entities in specialized industries. Interpretive publications are issued under the authority of the ASB. The members of the ASB have fhttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityuide that is applicable to his or her attestation engagement. If the practitioner does not apply the attestation guidance included in an applicable AICPA Guide, the practitioner should Ik* prepared to explain how he or she complied with the SSAE provisions addressed by such attestation guidance.Any Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityattestation guidance in a guide appendix, although not authoritative, is considered an "other attestation publication." In applying such guidance, theGuide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
practitioner should, exercising professional judgment, assess the relevance and appropriateness of such guidance Lo the circumstances of the engagemehttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability Audit and Attest Standards staff and the practitioner may presume that it is appropriate.The ASB is the designated senior committee of the AIGPA authorized Lo speak for the Al CPA on all matters related to attestation. Conforming changes made to the attestation guidance contained in this guide are Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityapproved by the ASB Chair (or his or her designee) and the Director of the AICPA Audit and Attest Standards Staff. Updates made to the attestation guiGuide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
dance in this guide exceeding that of conforming changes are issued after all ASB members have been provided an opportunity to consider and comment onhttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilitycabilityThis guide, soc 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, provides guidance to practitioners engaged to examine and report on a service organization's controls over one or more o Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityf the following:•The security of a sendee organization's system•The availability of a service organization's system•The processing integrity of a sendGuide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
ee organization's system•The confidentiality of the information that the sendee organization's system processes or maintains for user entities•The prihttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityissued SSAE No. 18. Attestation Standards: Clarification and Recodification, which includes AT-C section 105 and AT-C section 205, Examination Engagements. AT-C sections 105 and 205 establish the requirements and application guidance for reporting on a sendee organization's controls over its system Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityrelevant to security, availability, processing integrity, confidentiality, or privacy.The attestation standards enable a practitioner to report on subGuide SOC 2 reporting on an examination of controls at a service organization relevant to security, availability
ject matter other than historical financial statements. A practitioner may be engaged to examine and report on controls at a service organization relahttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Pro Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilityor user entities' customers).Defining Professional Responsibilities in AICPA Professional StandardsAICPA professional standards applicable to attestation engagements use the following two categories of professional requirements, identified by specific terms, to describe the degree of responsibility Guide SOC 2 reporting on an examination of controls at a service organization relevant to security, availabilitythey impose on a practitioner:https: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Prohttps: //k hot h u vien .comAICPAGuidesoc 7® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, ProGọi ngay
Chat zalo
Facebook