SOC2 Trust Principles and Security Controls XLS CSV Download

• by secboxadmin
• in GRC
• posted November 9, 2016

AICPA SSAE16 Is the Platform for the SOC2 Framework

SSAE stands for “Statement on Standards for Attestation Engagement.  It was put forth by the Auditing Standards Board of the American Institute of Certified Public Accountants.  SSAE 16 is the platform and most basic standard for which the new AICPA SOC reporting framework is found on.  This framework consists of SOC 1, SOC 2, and SOC3 reports.  We will be focusing on SOC2.

Overview of SOC2 security standards and trust principles

SOC 2 Compliance is growing quickly, specifically in the service industry.  This platform was launched in attempt to reboot reporting on service organizations.  While SOC1 and SOC3 are focused on other areas, SOC2 is specifically focused on and designed for the growing number of technology and cloud computing entities that continue to grow and become more normal in the service organization industry.  SOC2 allows reporting on any of the five Trust Service Principles.  The other SOCs have different guidelines for this, but SOC2 allows for reporting on any or all of the TSPs.  One specific guideline for reporting under SOC 2 is that it requires a written statement of assertion and a description of one’s “system”.  The written assertion and description of the “system” is to be written by the service organization’s management team.  SOC2 has not been as prevalent in the past, as it is now becoming.  There is great value in the SOC2 and service organizations are starting to realize that as technology and cloud computing entities are changing and growing.

Download SOC2 Trust Principles in Excel XLS CSV Format