CPA Canada Guide SOC 2® Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy
(in English only)
CPA Canada Guide SOC 2® Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy is a practical resource for practitioners engaged to report on the privacy and security of a service organization’s systems.
Take your guides with you on your eReader, laptop, smartphone or tablet. SOC Guides are available in convenient and searchable eBook format!
GUIDANCE FOR CANADIAN PRACTITIONERS ENGAGED TO REPORT ON CONTROLS AT A SERVICE ORGANIZATION
SOC 2 is a practical resource for practitioners engaged to report on a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy. The engagement described in this guide is based on the requirements and application material set out in the CPA Canada Handbook – Assurance and specifically Canadian Standard on Assurance Engagements (CSAE) 3000, Attestation Engagements Other than Audits or Reviews of Historical Financial Information. CSAE 3000 deals with assurance engagements other than audits of financial statements and other historical financial information performed by practitioners.
This guide is a non-authoritative resource which has been adapted by CPA Canada from the AICPA version to meet Canadian standards. SOC 2 engagements are designed to assist Canadian practitioners engaged to report on a service organization’s controls over one or more of the following:
- The security of a service organization’s system
- The availability of a service organization’s system
- The processing integrity of a service organization’s system
- The confidentiality of the information that the service organization’s system processes or maintains for user entities
- The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities
KEY TOPICS INCLUDE:
- non-authoritative guidance on performing and reporting on SOC 2 and SOC 3 engagements
- understanding the difference between a type 1 and type 2 SOC 2 report
- illustrative management statements and management representation letters
- illustrative service auditor’s reports, including reporting in accordance with both Canadian and International or US standards
- 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report
- 2018 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
This Guide considers standards issued up to March 1, 2019.
RELATED PUBLICATIONS
SOC for Cybersecurity: CPA Canada Guide - Reporting on an Entity's Cybersecurity Risk Management Program and Controls
The 2019 CPA Canada SOC 1 Guide
ISBN: 978-1-55385-762-4
Publication Date: June 2019