SOC 2 Report on Controls Related to Security, Availability, Processing Integrity, Confidentiality, and Privacy


In the past, SAS 70 reports encompassed financial reporting controls, operational controls, and compliance controls. SSAE 16 SOC 1 reports, which have effectively replaced SAS 70 reports, will be prepared in accordance with Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization. SSAE 16 SOC 1 reports can no longer be used for any purpose other than reporting on the system of internal control over financial reporting. For reports that are not specifically focused on internal control over financial reporting, the AICPA has issued an Interpretation under AT Section 101 permitting service auditors to issue reports. These reports will now be considered SOC 2 or SOC 3 reports and focus on controls at a service organization relevant to the following principles:

    • Security: The system is protected against unauthorized access, use, or modification;
    • Availability: The system is available for operation and use as committed or agreed;
    • Processing Integrity: System processing is complete, valid, accurate, timely, and authorized;
    • Confidentiality: Information designated as confidential is protected as committed or agreed; and
    • Privacy: The system’s collection, use, retention, disclosure, and disposal of personal information are in conformity with the commitments in the service organization’s privacy notice and with criteria set forth in the Generally Accepted Privacy Principles (GAPP) issued by the AICPA and CPA Canada.

This means that many companies that have used SAS 70 reports in the past (e.g., managed service providers, Software as a Service (SaaS) providers, and cloud computing providers) will now need a SOC 2 report.

Readiness Assessment

Many companies undergoing a SOC 1 or SOC 2 audit for the first time choose to perform a Readiness Assessment prior to undergoing the Type I or Type II audit.


SSAE 16 Professionals has assembled top tier leadership to help our clients through the SOC 2 process. For further information regarding SSAE 16 reports, or to request a fee proposal from SSAE 16 Professionals, please visit our Contact Us page to submit an informational form or call 1-866-480-9485 today. We look forward to hearing from you!