System and organization controls (SOC) 2 guide: Reporting on controls at a service organization

This guide will help you effectively report on controls for service organizations. Learn how to apply best practices in key service audit areas to ensure compliance with the appropriate standards.

Explore the updated SOC 2 Guide, a non-authoritative resource which we have adapted from the AICPA version to meet Canadian standards. It is intended for practitioners who are engaged to report on a service organization's controls relevant to security, availability, processing integrity, confidentiality and privacy.

Key topics:

  • non-authoritative guidance on performing and reporting on SOC 2 and SOC 3 engagements
  • understanding the difference between a type 1 and type 2 SOC 2 report
  • illustrative management statements and management representation letters
  • illustrative service auditor's reports, including reporting in accordance with both Canadian and international, or Canadian and U.S. standards
  • 2018 description criteria for a Description of a Service Organization's System in a SOC 2 report
  • 2018 trust services criteria for security, availability, processing integrity, confidentiality and privacy