
CPA Canada Guide to Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2)

(also available in French)

This product is available in the following formats: Download (eBook).

CPA Canada Guide to Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (SOC 2) is a practical resource for practitioners engaged to audit and report on the privacy and security of a service organization’s systems.

Take your guides with you on your eReader, laptop, smartphone or tablet. SOC Guides are available in convenient and searchable eBook format!



GUIDANCE FOR CANADIAN PRACTITIONERS ENGAGED TO AUDIT AND REPORT ON CONTROLS AT A SERVICE ORGANIZATION

SOC 2 is a practical resource for practitioners engaged to audit and report on the privacy and security of a service organization’s systems. This guide is based on the requirements and guidance established in the CPA Canada Handbook – Assurance, Section 5025, Standards for Assurance Engagements Other Than Audits of Financial Statements and Other Historical Financial Information. These standards establish a framework for assurance engagements other than audits of financial statements and other historical financial information.

Prepared by the Information and Management Technology Advisory Committee of CPA Canada’s Research, Guidance and Support Group, SOC 2 is designed to assist Canadian practitioners engaged to examine and report on a service organization’s controls over one or more of the following:

  • The security of a service organization’s system
  • The availability of a service organization’s system
  • The processing integrity of a service organization’s system
  • The confidentiality of the information that the service organization’s system processes or maintains for user entities
  • The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities

NOTICE OF FUTURE CHANGES AFFECTING THIS PUBLICATION

Trust Services Principles and Criteria Update

SOC 2 and 3 engagements are based substantially on the Trust Services Principles and Criteria (TSPC). The TSPC presents criteria for use when providing attestation or consulting services to evaluate controls relevant to the security, availability, and processing integrity of a system, and the confidentiality and privacy of the information processed by the system.

The recently updated TSPC, as issued by the AICPA, are effective for periods ending on or after December 15, 2016. The TSPC can be found at:

http://www.aicpastore.com/AST/Main/CPA2BIZ_Primary/AuditAttest/Standards/PRDOVR~PC-TSPC13/PC-TSPC13.jsp

Description Criteria

The AICPA recently issued an exposure draft (ED) on July 24, 2017 for Proposed Revisions of Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report. Comments were due on September 7, 2017 and the timing of further updates based on this ED is not yet known. The ED can be found at:

http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/exposuredrafts/soc2_descriptioncriteria_exposuredraft.pdf

Standards Update

Practitioners should be aware that Section 5025, Standards for Assurance Engagements Other Than Audits of Financial Statements and Other Historical Financial Information has been replaced by Canadian Standards on Assurance Engagement (CSAE) 3000, Attestation Engagements Other Than Audits or Reviews of Historical Financial Information and CSAE 3001, Direct Engagements for reports dated on or after June 30, 2017.

Practitioners who continue to use the current SOC 2 guide for attestation engagements where the assurance report is dated on or after June 30, 2017, are cautioned that this guide was prepared based on Section 5025. Practitioners are responsible for performing their engagements in accordance with CSAE 3000 and/or 3001, as applicable on or after June 30, 2017.

SOC Guide Update

The AICPA plans to release revised and improved Guidance Material covering SOC 2 and 3 engagements. It is CPA Canada’s plan to review the AICPA material and issue supplemental Canadian guidance. The guidance in this publication should continue to be used as a reference source pending release of revised guidance.

RELATED PUBLICATIONS

SOC 1: The CPA Canada Guide, Service Organizations – Applying CSAE 3416, Reporting on Controls at a Service Organization

NOTE: SOC for Cybersecurity: The CPA Canada Guide, Reporting on an Entity’s Cybersecurity Risk Management Program and Controls is in progress and will be available soon.



ISBN: 978-1-55385-762-4
Publication date: March 2014


© 2001-2018, CPA Canada | EYEP. All rights reserved.