Statement on Standards for Attestation Engagement (SSAE) 18

SOC2 Reports


A SOC2 report is an engagement performed under AT-C section 205 and is based on the existing SysTrust and WebTrust principles. This report will have the same options as the SOC1 report where a service organization can decide to undergo a Type I or Type II certification. Purpose of SOC2 audit is to evaluate an organization’s information systems relevant to:
– Security
– Availability
– Integrity
– Confidentiality
– and/or Privacy

Organizations asked to provide a SOC1, but which do not have an impact on their client’s financial reporting should select this reporting option.

Related Articles