KnowledgeLeader Blog

More on Performing SOC Report Evaluations Comparison and Differences

Posted by Protiviti KnowledgeLeader on Mon, Nov 12, 2012 @ 10:51 AM

There is certainly overlap between SOC 1 and SOC 2 reports. For example, the security principle in a SOC 2 report refers to the protection of the system from unauthorized access (logical and physical), and limited access to the system to prevent potential abuse of the system, theft of resources, misuse of software, improper access or usage, and the alteration, destruction and disclosure of information. Key elements for the protection of the system include granting authorized access based on relevant needs and preventing unauthorized access to the system in all other instances. Some of this language is seen in a general computer control objective in a SAS 70 and will continue to be seen in a SSAE16/SOC 1 report. Abuse of the system and theft of resources are not often an ICFR concern or a SSAE16/SAS 70 risk.

Read More

Topics: SOC Report Evaluations

Add a Comment:

Subscribe to Our Blog

About KnowledgeLeader

KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.

With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.

For more information:

 Start 30-day Free Trial

Posts by Topic

see all