Created January 26, 2022 09:12
SOC 1 - SOC for Service Organizations: ICFR
============================================
Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting (ICFR)
These reports, prepared in accordance with AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting, are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors), in evaluating the effect of the controls at the service organization on the user entities’ financial statements.
There are two types of reports for these engagements:
Type 2 - report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
Type 1 - report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design of the controls to achieve the related control objectives included in the description as of a specified date.
Use of these reports is restricted to the management of the service organization, user entities, and user auditors.
SOC 2® - SOC for Service Organizations: Trust Services Criteria
===============================================================
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems. These reports can play an important role in:
Oversight of the organization
Vendor management programs
Internal corporate governance and risk management processes
Regulatory oversight
Similar to a SOC 1 report, there are two types of reports: A type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; and a type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports is restricted.
https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc1report
https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report |