Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
On December 15, 2014, the new SOC 2 Common Criteria took effect. What does that mean for your SOC 2 audit?
How bad is a qualified report? This question comes up almost every time a qualified report is issued to a service organization.
A question that often comes up from service organizations and service auditors is this “Who can management distribute the report too?” The answer lies buried in the AICPA’s audit guides and is different depending on the type of service organization control (SOC) audit report.