AT 101 SOC 2 Report Services
The AT 101 SOC 2 report deals specifically with controls related to Security, Confidentiality, Privacy, Availabillity, and Processing Integrity and are known as the 5 Trust Service Principles. Developed by the AICPA and replacing the SAS 70, the AT 101 SOC 2 reports provide organizations with a broad range of information and assurance in regards to the controls and organization has in place for their systems that deal with the information processed by these systems. Some examples of organizations that would require or benefit from a SOC 2 report include:
- Datacenters and Colocation Facilities
- SaaS Providers
- Software Developers
- Document Creation and Production
Type I Report
The AT 101 SOC 2 Type I report is a report on management's description of the system(s) in scope and the suitability and design of the controls related to the Trust Principle's in scope.
Type II Report
The AT 101 SOC 2 Type II Report is more detailed. The Type II report includes the statement's above, related to a Type I report, but takes it a step further to outline the operating effectiveness of the controls in place over a period of time, not less than 6 months.
Compass IT Compliance partners with leading CPA Firms to assist organizations through the AT 101 SOC 2 reporting process to ensure that they are prepared and receive the proper attestation. For more information on how Compass IT Compliance can assist your organization, please contact us for an initial consultation.