SOC 2 and SOC 3 examination basics – from planning and executing the engagement to reporting – are reviewed to prepare you to perform the engagement or use the report. Introduction to SOC 2 and SOC 3 reports Many organizations outsource services and need assurance related to the systems the service organizations use to process user data. SOC 2 and SOC 3 reports can help provide users with information regarding the security, availability and processing integrity of these systems and their ability to maintain confidentiality and privacy. Differentiating between SOC 2 and SOC 3 reports SOC 2 reports provide outsourcing organizations and their auditors with information to help them assess and address the risks and controls associated with outsourced services. SOC 3 reports, on the other hand, provide less detail and are intended for the public. You’ll learn more about the differences between these reports as you explore topics, including: - Planning and reporting considerations - Designing and performing effective procedures - Completing the engagement Who Will Benefit Service auditors, service organization management, financial statement auditors, internal auditors, and entities that outsource functions to service organizations Key Topics - SOC 2 report planning considerations and applicability - SOC 3 report considerations - Evaluating and testing of controls - Reporting matters and considerations - Completing the engagement Learning Outcomes - Identify planning considerations and responsibilities. - Recall how to execute procedures related to design and operating effectiveness of controls and how to evaluate results. - Recognize requirements for reporting and completing the engagement. - Recognize differences between SOC 2 and SOC 3 reports.