Looking for SOC 2 guidelines? Then call the experts today at NDNB Accountants & Consultants (NDNB), providers of nationwide, fixed-fee SOC 2 assessments. Call Christopher G. Nickell, CPA, at 1-800-277-5415, ext. 706 today! We provide a complimentary SOC 2 Policy Packet for each of our clients!
As for some helpful SOC 2 guidelines for auditing success, take note of the following:
Learn about the SOC Framework: The American Institute of Certified Public Accountants (AICPA) launched the Service Organization Control (SOC) framework (now known as Systems and Organization Controls) in 2011, effectively replacing the old and misused Statement on Auditing Standards No. 70 (SAS 70), and that was a good move indeed. Service organizations had changed dramatically since the launch of SAS 70 in April 1992, thus a new framework was born consisting of SOC 1, SOC 2, and SOC 3 reporting. As for SOC 2, it incorporates the SSAE 18 standard for reporting, while SOC 2 relies on AT 101 and the applicable Trust Services Principles (TSP).
Learn about the Trust Services Principles and Criteria: It’s important to know that there are five (5) Trust Services Principles, which are the following: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Moreover, each of the applicable TSPs has its own respective “Common Criteria” for assessing a service organization’s internal controls. Just keep in mind that all of the five (5) TSPs have a similar theme: It’s about having documented and formalized processes and procedures in place.
Understand the Importance of a Readiness Assessment: Putting the cart before the horse, as the old saying goes, is not a particularly good idea when it comes to SOC 2 compliance. More specifically, diving right into a SOC 2 audit with minimal or zero preparation is not recommended, as service organizations need time to assess and evaluate gaps, deficiencies, and weaknesses within their control environment. The ultimate goal of any SOC 2 report is a “clean” opinion, one void of notable exceptions, and getting there begins with a SOC 2 assessment for your business.
Determine the Proper Scope: As a business, you’ll need to determine what the business process is for the actual SOC 2 assessment and, ultimately, which of the five (5) Trust Services Principles will be included within the scope of the audit. By default, the “Security” TSP is the starting point for every SOC 2 audit. After that, you’ll need to determine client demands, market expectations, and other variables when assessing scope for the remaining four (4) TSPs.