Techniques to evaluate Cloud and Outsourced service models using AICPA and ISACA guidance

Recently, a user guide titled SOC 2℠ User Guide for Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy was released by ISACA, a global IT association with 100,000 members in 180 countries, and the American Institute of CPAs (AICPA). The guide is available at www.isaca.org/SOC2.

In May 2011, the AICPA issued Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2), which uses the AICPA’s Trust Services Principles and Criteria to report on controls at a service organization. The SOC 2 report gives service organizations and users more flexibility in reporting on compliance and operational controls. It addresses the risks of IT-enabled systems and privacy programs beyond the controls necessary for financial reporting.

The SOC 2℠ User Guide focuses on the SOC 2 report that service organizations issue on the effectiveness of the design and operation of their controls related to security, availability, processing integrity, confidentiality or privacy. The guide describes service organization reports (SOC 1℠, SOC 2℠ and SOC 3℠) and explains:

• The standards used and the scope of a SOC 2℠ report
• How to determine the user entity’s needs when obtaining a SOC 2℠ report
• How to communicate the user entity’s needs to the service organization
• How to interpret the SOC 2℠ report provided by the service organization

For information on the SOC 2℠ User Guide for Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy, visit www.isaca.org/SOC2. For general information on SOC reports, the SOC logo and usage guidelines, as well as an educational and marketing toolkit for service organizations, visit www.aicpa.org/SOC.
