The AICPA Service Organization Control (SOC) framework is a platform developed by the American Institute of Certified Public Accountants (AICPA) that includes different reporting options (SOC 1, SOC 2, and SOC 3) for control environments relating to service organizations. The SOC platform effectively replaced the aging, “one-size-fits-all” SAS 70 auditing standard, which had been in use for approximately twenty (20) years, from April 1992 to June 15, 2011. At the heart of the AICPA SOC framework are internal controls: a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives (source: Wikipedia.com).
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850+ pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
SOC 1 SSAE 16 | SOC 2 AT 101 | SOC 3 | Service Organization Reporting
The AICPA SOC framework, particularly the SOC 1 SSAE 16 reporting platform, has become a widely used and well-known assessment for all types of service organizations, from banking and finance to manufacturing, information technology, and many other areas. In more technical terms, SOC 1 reporting utilizes the SSAE 16 professional standard, while SOC 2 and SOC 3 utilize the AT 101 professional standard and incorporate what are known as the Trust Services Principles. The official SSAE 16 Resource Guide provides an incredibly in-depth overview of SOC 1, SOC 2 and SOC 3. Please note that only a CPA firm or individually licensed CPA can issue a SOC 1, SOC 2 or SOC 3 report.
Information Security Policies | A Large Part of SOC Compliance | Download
What’s important to note about complying with any of the SOC reporting mandates is the need for a large number of documented operational and information security policies and procedures. Auditors will demand them as part of the audit process, and you’ll need to find a highly regarded resource for providing such documentation: Flat Iron Technologies, LLC. The Global Information Security Compliance Packet (GISCP), available for immediate download, includes literally hundreds of professionally developed policies, procedures, forms, checklists, templates, provisioning and hardening documents, and more, for assisting with SOC 1, SOC 2, and SOC 3 compliance.
The AICPA SOC framework (SOC 1, SOC 2, and SOC 3) is a big - and growing - element of regulatory compliance for businesses all around the globe, thus the need for information security policies for today’s service organizations has never been greater.