thumbnail
Alert

SOC 2 Reporting Guidance Update

January 30, 2019

In March 2018, the American Institute of Certified Public Accountants (AICPA) released additional guidance for practitioners as it relates to SOC 2 reporting.

Effective for examination periods ending after December 15, 2018, the guidance provides updates and clarity to SOC 2 reporting requirements and responds to the new 2017 Trust Services Criteria (TSC) and the 2018 Description Criteria.

What are the SOC 2 Report guidance changes?

The updates to the Trust Services Criteria represent the most significant change to the criteria since the development of SOC 2 reporting. The criteria change:

  • Restructures and aligns the Trust Services Criteria with the COSO 2013 framework.
  • Renames the Trust Services Principles and Criteria.
  • Restructures and adds supplemental criteria to better address cybersecurity risks.
  • Adds points of focus to all criteria.
  • Adds additional description criteria requirements (DC200).

What are the main implications?

  • For report users: Report clarity and greater transparency into service organizations.
  • For service organizations: Potential new compliance challenges, which will likely require additional controls, as well as additional effort preparing the system description.
  • For service auditors: Increased audit thoroughness.

How can Moore Colson help?

Unsure as to how these updates will affect your organization or how to prepare for your next SOC audit? Contact us to learn more about how we can help you achieve compliance with the updated SOC framework.