Skip To Main Content
Geometric pattern of cubes and connected lines,

System and organization controls (SOC) 2 guide: Reporting on controls at a service organization

This guide will help you effectively report on controls for service organizations. Learn how to apply best practices in key service audit areas to ensure compliance with the appropriate standards.

Explore the updated SOC 2 Guide, a non-authoritative resource which we have adapted from the AICPA version to meet Canadian standards. It is intended for practitioners who are engaged to report on a service organization's controls relevant to security, availability, processing integrity, confidentiality and privacy.

Key topics:

  • non-authoritative guidance on performing and reporting on SOC 2 and SOC 3 engagements
  • understanding the difference between a type 1 and type 2 SOC 2 report
  • illustrative management statements and management representation letters
  • illustrative service auditor's reports, including reporting in accordance with both Canadian and international, or Canadian and U.S. standards
  • 2018 description criteria for a Description of a Service Organization's System in a SOC 2 report
  • 2018 trust services criteria for security, availability, processing integrity, confidentiality and privacy