Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Accounting_Whitepapers
A quick overview of how to gain assurance over 3rd party SOC 1 and SOC 2 reporting
Gaining Assurance Over Third Party Processors – SOC 1 & SOC 2 Reporting

DEMANDS FOR ASSURANCE OVER THIRD PARTY PROCESSORS

Third party processing organizations spanning a variety of business sectors, including distribution, financial services, technology, life sciences, services and healthcare, are being requested by their customers (a.k.a. user organizations) to obtain an assurance report on controls related to the integrity of certain processes and the security of sensitive information handled by those third parties. Many user organizations realize that while they have outsourced certain aspects of their business, they remain responsible for the activities conducted by the third party processing organization. A good deal of this concern has been driven by regulations and standards such as HIPAA, HITECH, the GLB Act, the Meaningful Use standards of the Centers for Medicare and Medicaid Services (CMS), and others, including various state and international privacy laws.

THE EVOLUTION OF SOC 1 AND SOC 2

Statements on Standards for Attestation Engagements No. 16 (SSAE 16) is an update to the previous standard, Statement on Auditing Standards No. 70 (a.k.a. SAS 70), created in the early ’90s by the American Institute of Certified Public Accountants (AICPA), under which an auditor provides assurance regarding specified control objectives over processes related to financial reporting. Service Organization Control No. 1 (SOC 1) reports are conducted using SSAE 16.

AT Section 101 was developed in 2001 by the AICPA to set requirements for CPAs examining and issuing reports on controls over matters not related to financial reporting. These requirements are codified within AT Section 101, Attest Engagements, of the AICPA’s attestation standards. Reports issued under AT 101 often utilize the AICPA’s Trust Services Principles, which relate to security, availability, processing integrity, confidentiality and privacy.

Lately, many of the audits issued under AT 101 that are gaining prominence in the marketplace include Service Organization Controls No. 2 (SOC 2) and Service Organization Controls No. 3 (SOC 3) reports. Each of the five Trust Services Principles is supported by dozens of criteria, and third party processors may choose to comply with one, several, or all five principles.

© 2014 SMART DEVINE; All rights reserved.

TRUST SERVICES PRINCIPLES OVERVIEW

SECURITY: The system is protected, both logically and physically, against unauthorized access.

AVAILABILITY: The system is available for operation and use as committed or agreed to.

PROCESSING INTEGRITY: System processing is complete, accurate, timely, and authorized.

CONFIDENTIALITY: Information that is designated “confidential” is protected as committed or agreed.

PRIVACY: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the privacy principles put forth by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
smartdevine.com 267-670-7300

REVISIONS TO SOC 2 STANDARD

In February 2014 the AICPA issued a revision to the Trust Services Principles and Criteria for a few reasons:
• Increase the clarity of certain criteria;
• Eliminate redundancy amongst the criteria; and
• Update the criteria based upon the changing technology and business environment, as the original Trust Services Principles were derived from the SysTrust principles and criteria.

The AICPA’s Assurance Services Executive Committee (ASEC) is responsible for changes to the updated Standard. The following is a brief summary of the AICPA’s changes.

Common Criteria: ASEC has created “common criteria” that are applicable to four of the five principles, namely Security, Confidentiality, Availability and Processing Integrity. A number of third party processing organizations had cited overlapping criteria across four of the five principles within the previous Standard, and the associated inefficiency. The Common Criteria constitute the complete set of criteria for the Security Principle and are organized into seven categories following the key concepts of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework:
• Organization and Management
• Communications
• Monitoring of Controls
• Risk Management and Design and Implementation of Controls
• Logical & Physical Controls
• System Operations
• Change Management

Separate Criteria: For the principles of Availability, Processing Integrity, and Confidentiality, the complete set of criteria comprises all of the Common Criteria plus all of the criteria applicable to the principle being reported upon. For instance, the updated Standard indicates that the principle of Availability has three unique criteria; Processing Integrity has six unique criteria; and Confidentiality also has six unique criteria.

Privacy Principle: The Privacy principle will remain distinct and is being revised by a separate task force. At this time, no exposure draft has been created for Privacy.

Risk Assessment: The updated Standard emphasizes an assessment of the risk that any particular criterion will not be met. Illustrative examples of criteria and controls, and their corresponding risks, have been included in the updated Standard.

The AICPA has indicated the new reporting Standard will go into effect for periods ending after December 15, 2014; however, earlier implementation is permitted.
Accounting | Tax | Advisory

Smart Devine provides a full range of accounting, advisory, tax and investigative forensic and litigation services to organizations across a variety of industries.

Smart Devine | 1600 Market Street | 32nd Floor | Philadelphia, PA 19103 | T 267-670-7300 | info@smartdevine.com

SMART DEVINE OFFERS A FULL LINE OF SOLUTIONS INCLUDING:

ACCOUNTING & AUDIT
• Audit, Reviews & Compilation
• Accounting & Tax Due Diligence
• Accounting Outsourcing
• Agreed Upon Procedures
• Business Valuation
• Finance Process & Reporting Optimization
• Forecasts and Projections
• Forensic Accounting & Litigation Support
• Internal Control Study & Evaluation
• Personal Financial Statements
• Retirement Plan Audits & Prep
• Trust Accounting
• SEC Advisory Services
• Special Project Coordination & Support
• Technical Accounting Consulting
• Transaction Advisory Services
• SSAE 16/SOC 1 and SOC 2 Reviews

RISK SERVICES
• Corporate Governance Regulatory Compliance
• Enterprise Risk Management
• Business Risk Assessment
• IT Risk Assessment
• Internal Audit Services
• IT Internal Auditing
• Internal Audit Transformation
• Quality Assessment Reviews
• Sarbanes Oxley/Model Audit Rule/NAIC Compliance
• SSAE 16/SOC 1 and SOC 2 Readiness Assessments

TAX
• Tax Return Compliance
• Accounting for Income Taxes
• ASC 740 (FAS 109) Tax Provision Services
• International Taxation
• IC-DISC
• Tax Planning and Advisory
• Tax Controversy
• Transfer Pricing
• Research and Development Tax Credit
• State and Local Taxation

BUSINESS ADVISORY
• Financial Advisory
• Management Consulting Services
• Technology Consulting Services

INSURANCE ADVISORY SERVICES
• Accounting
• Reviews
• Claims Services
• Underwriting/Premium
• Forensic Accounting

FORENSIC AND LITIGATION SERVICES
• Litigation Services
• Environmental Litigation
• Forensic Investigations
• Trustee & Monitoring Services
• Digital Forensics & eDiscovery

For more information, please contact John McLaughlin, Managing Director, at 610-994-1534 or jmclaughlin@smartdevine.com