SOC Engagements Flashcards
What creates the need for a SOC engagement?
When an organization (User Entity) engages in business with other entities (service organizations) to out source key services and business operations
Why do we need SOC (system and organizational controls) engagements?
SOC engagements assess the effectiveness of a service organization’s controls. They result in the issuance of a SOC report and promote reliance by third parties on service organizations.
What are the three main types of SOC engagements and what other types of SOC engagements are available?
The three main types of SOC engagements are
1. SOC 1
2. SOC 2
3. SOC 3
In addition, there are SOC engagements specific for Cybersecurity and SOC engagements specific for Supply Chain
What is a SOC 1 engagement for Service Organizations?
SOC 1 engagements reports on internal control over financial reporting. The examination and reporting on controls at a service organization that are likely to be relevant to user entities internal control over financial reporting.
Restricted to management of the service organization, user entities of the service organizations system, and independent auditors of such user entities.
What are SOC 2 engagements?
A SOC 2 engagement is an examination and reports on the trust services criteria which are the security, availability, processing integrity of a system, confidentiality and privacy of the information processed by the system.
Who are the intended users of SOC 2 Service Organizations?
Carve Out Method
