System and Organization Controls: SOC Suite of Services

• SOC 1® - SOC for Service Organizations: ICFR
  To provide management of the service organization, user entities, and the independent auditors of user entities’ financial statements with information and a services auditor’s opinion about controls at a service organization that are likely to be relevant to user entities’ internal control over financial reporting.
  

• SOC 2® - SOC for Service Organizations: Trust Services Criteria
  To provide service organization management, user entities, business partners, and other parties with information about controls at the service organization relevant to security, availability, processing integrity, confidentiality, or privacy to support understanding and managing the risks arising from business relationships with service providers.
  

• SOC 3® - SOC for Service Organizations: Trust Services Criteria for General Use Report
  To provide interested parties with a service auditor’s opinion about the effectiveness of controls at the service organization relevant to security, availability, processing integrity, confidentiality, or privacy.
  

• SOC for Cybersecurity
  To provide general users with useful information about an entity’s cybersecurity risk management program for making informed decisions.
  

• SOC for Supply Chain
  To provide specified users with information about the controls within the entity’s system relevant to security, availability, processing integrity, confidentiality, or privacy to enable users to better understand and manage the risks arising from business relationships with their supplier and distribution networks.

For resources related to each SOC service, see SOC Suite of Services above.

• SOC Overview Document
  This overview document discusses the three types of SOC for Service Organization engagements: SOC 1®, SOC 2®, and SOC 3®
  

• 2023 SOC Survey
  Discover the latest trends in SOC reporting.
  

• SOC for Service Organizations Toolkit
  The SOC for services organizations toolkit provides resources for CPA firms that do not currently provide SOC for service organizations examinations (SOC 1®, SOC 2®, and SOC 3® examinations) but are interested in entering this space.
  

• SOC for Service Organizations: Information for CPAs
  The AICPA has developed 3 different SOC for Service Organizations engagements (SOC 1®, SOC 2® and SOC 3®) that involve reporting on controls at a service organization. Learn more about each here.
  

• SOC for Cybersecurity: Information for CPAs
  SOC for Cybersecurity enables CPAs to examine and report on an organization’s cybersecurity risk management program.

• SOC Overview Document
  This overview document discusses the three types of SOC for Service Organization engagements: SOC 1®, SOC 2®, and SOC 3®
  

• Information for Service Organization Management in a SOC 1® Engagement
  This publication is intended to assist management of a service organization in understanding its responsibilities in a SOC 1® engagement.
  

• Information for Service Organization Management in a SOC 2® Engagement
  This document provides information that management of the service organization needs to know when undergoing a SOC 2 examination.
  

• SOC for Cybersecurity: Information for Organizations
  SOC for cybersecurity helps organizations communicate about their cybersecurity risk management program and the effectiveness of controls within that program.

• SOC Overview Document
  This overview document discusses the three types of SOC for Service Organization engagements: SOC 1®, SOC 2®, and SOC 3®.
  

• SOC for Cybersecurity: Information for Users
  SOC for Cybersecurity helps organizations communicate about their cybersecurity risk management programs and CPAs to examine and report on such information.
  

• What management needs to know about the SEC Cybersecurity Rules
  Learn more about the SEC’s new cybersecurity disclosure rules.

• SOC Logo for CPAs — Registration and Guidelines
  AICPA SOC for Service Organizations Logo for use by CPAs — Register here.
  

• SOC Logo for Service Organizations — Registration and Guidelines
  AICPA SOC for Service Organizations Logo for use by service organizations — Register here.