The American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC 2) provides “how-to” guidance for service auditors performing examinations under SSAE 18 (Clarified Attestation Standards), to report on a service organization’s controls over its system relevant to security, availability, processing integrity, confidentiality, or privacy. It includes an updated comprehensive illustrative type 2 SOC 2® report, a new comprehensive illustrative SOC 3® report, a new appendix for performing and reporting on a SOC 2® examination in accordance with International Standards on Assurance Engagements (ISAES) or in accordance with both the AICPA’s attestation standards and the ISAES, and expanded information on unique challenges and risks service auditors will encounter in performing SOC 2® or SOC 3®engagements for service organizations.
At RegScale, we give organizations easy and free tools to get started with building a fully compliant SOC 2 program with support for tracking policies, related assessments, evidence collection, issues management/performance improvement, and other related workflows. As of August 15, 2022, RegScale has announced that we officially support the SOC 2 as a catalog within our platform with automated tools/wizards for building compliant assessment programs. In addition, we have published multiple machine readable formats of SOC 2 including an Excel spreadsheet, raw JSON, and NIST OSCAL that are available upon request. These artifacts are freely available for others to reuse in their compliance automation programs using machine readable formats.
Schedule a free demo today to learn how RegScale can help you continuously meet your SOC 2 requirements. If you are ready to start automating your compliance processes for creating and managing SOC 2 requirements, this demo will also show how you can leverage RegScale to deliver continuous compliance. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust SOC 2 compliance artifacts that will help you pass audits and reduce your risk with ease. With RegScale, our customers get software with a service to provide a concierge like experience for reducing risk related to their information systems.