Glossary

SOC 2

  • AICPA

    What is the AICPA? The AICPA (American Institute of Certified Public Accountants) is the US organization of professional CPAs (Certified Public Accountants). The AICPA is the founder and originator of the SOC reporting standard and audit. Furthermore, the AICPA is a very influential body of professional accountants, and they combine the skills and expertise of …

  • SOC Reports

    What is a SOC report? SOC stands for Service Organizations Controls. A SOC report provides a detailed assessment of the controls, processes, and implementation thereof within an organization. A SOC report is one of the easiest and most effective ways to verify and ensure that an organization is following industry best standards and that the controls …

  • Audit Period

    Think of the audit period as the time duration over which the policies/procedures/IT control environment/etc. are evaluated. An audit period is relevant in the world of compliance and auditing. Before a potential business partner or customer enters into contract agreements, pays money, and hands over important information, they want to be assured that the company …

  • SOC 2 Evidence Collection

    When it comes down to collecting evidence for the SOC 2 audit itself, there are a few key points that one needs to remember. Obtaining and submitting the incorrect audit evidence can cause audit headaches as it will most times mean having to recapture, extract, and submit the evidence again – showing the necessary key …

  • Auditor's Opinion

    SOC 2 is based on the American Institute of Certified Public Accountants (AICPA) standards to provide an audit opinion on the security, availability, processing integrity, confidentiality, and/or privacy of a service organization’s controls. What is a SOC 2 audit opinion? An audit opinion is the audit result or the audit outcome of a SOC …

  • SOC 2 Readiness Assessment

    What is a SOC 2 readiness assessment? A SOC 2 readiness assessment is exactly what the word implies: an assessment that is performed to see if a company, or more specifically the control environment of the company’s product, is ready for a SOC 2 audit. The objective of the report is to summarize the current …

  • Information Produced by the Entity (IPE)

    IPE, or Information Produced/Provided by the Entity, is a term used in compliance and auditing that refers to the actual information used by the auditor in order to assess, test, and draw conclusions about controls, and ultimately, the audit opinion. There is no clear-cut, Oxford-dictionary definition of what constitutes IPE, or IPE audit evidence, and so …

  • Complementary User Entity Control (CUEC)

    Complementary user entity controls (CUEC) are controls that reside at the user entity level of a service organization. User entities are organizations that utilize the services of a service organization. Essentially what it means is that there is a shared responsibility between two parties to ensure the control criteria are being achieved. Think of CUECs …

  • SOC 2 Auditor

    What does a SOC 2 auditor do? An auditor who has been accredited by the AICPA can attest and report on whether controls were suitably designed and effectively implemented during the audit period for an organization. Not all accountants are CPAs, so when hiring an auditor it is important to be sure they are commissioned …

  • SOC 2 Type II Report

    A SOC 2 Type II report assesses the design and operating effectiveness of an organization’s controls over a period of time. A SOC 2 Type II report is a report on an organization’s internal controls, capturing how a company safeguards customer data and how well those controls are operating. SOC 2 Type II Trust Principles …
