SOC 2 Reporting Changes

white paper

By: Jamie Kilcoyne, Managing Director, Coalfire Controls

SOC 2 Reporting Changes

In 2018, SOC 2 reports will change in two significant ways:

  1. In April 2017, the AICPA’s Assurance Services Executive Committee (ASEC) released the 2017 Trust Services Criteria (2017 TSC) that supersedes the 2016 Trust Services Principles and Criteria (2016 TSP). The 2017 TSC are found in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.

  2. In March 2018, the ASEC issued a new version of the Description Criteria (2018 DC), which are used by management when preparing the description of the service organization’s system, replacing the 2015 Description Criteria. The 2018 DC are found in DC section 200, 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report.

The purpose of this white paper is to evaluate these changes and the impact that they will have on service organizations that receive SOC 2 reports and the service auditors who conduct the engagements. The 2017 TSC and 2018 DC will be required for Type 1 SOC 2 reports with as-of dates after December 15, 2018, and Type 2 reports with periods ending after December 15, 2018.

This white paper requires registration. Please fill out the form on this page to receive access.