Established by the AICPA Assurance Services Executive Committee (ASEC), this resource presents control criteria for use in attestation or consulting engagements to evaluate and report on controls over the security, availability, processing integrity, confidentiality, or privacy of information and systems.
This guidance is useful in reporting on SOC for Cybersecurity engagements, SOC 2® engagements, and SOC 3® engagements. The 2017 edition revises the trust services criteria to align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) 2013 Internal Control—Integrated Framework, to better address cybersecurity risks and increase flexibility in application across an entire entity, including at a subsidiary, division, or operating unit level within a function relevant to an entity’s operational, reporting, or compliance objectives.