Who Needs SOC 2 Type 2 reports?

Businesses that are connected to IT systems must be audited to determine if they have adequate controls to protect private and nonpublic data.


  • A SOC 2 Type 2 audit report is issued by a CPA or CPA.CITP which covers the suitability and effectiveness of controls over data at a service organization
  • A SOC 2 Type 2 audit report examines controls over  the  security, availability, processing integrity, confidentiality and privacy of data.

 SOC 2 is one of three guidelines and standards introduced by the American Institute of Certified Public Accounts (AICPA).   AICPA has named the guidelines,  Service Organization Controls (SOC)  with subcategories SOC 1, SOC 2, and SOC 3.  The SOC 2 engagement is in accordance with the AT 101 and complies with the AICPA audit guide; Reports on Controls at a Service Organization over Security, Availability, Processing Integrity, Confidentiality or Privacy

SOC 2 Type 2 is an attestation report issued by a CPA or CPA.CITP stating an opinion on the assertion by management of a service organization, related entities and companies processing personal and nonpublic IT data regarding the suitability of their controls and their effectiveness.  A SOC 2 Type 2 report is written after an auditor conducts tests on the system and controls of a service organization’s information technology system and operating procedures to ensure that they meet strict requirements for criteria for security, availability, processing integrity, confidentiality and privacy.

Integrated Accounting Services (IAS) provides SOC2 Type 2.com  as a public service to those seeking an explanation of the SOC standards that must be met by service organizations and their users.

To provide a professional solution for these new standards the team at Integrated Accounting Services (IAS) performs audits for service organizations and their clients during the same testing period where possible.  IAS’s integrated approach to auditing both the service organization and its clients provides increased security, integrity and privacy for all systems. Timely coordinated reports and periodic follow-ups are part of the integrated approach to qualifying service organizations and their user entities and reporting the higher level of assurance to responsible parties.

This article is provided by Integrated Accounting Services for those seeking clarification of IT system and control requirements. Please contact us if you need an assessment of your system and to determine whether you need a SOC 1 or a SOC  2 audit to assure clients of your compliance with new SOC standards.

Leave a Reply

Your email address will not be published. Required fields are marked *

Go back to top