Comparison of SOC 1, SOC 2 and SOC 3 Reports （SOC的比较1、SOC 2和SOC 3报告）.pdf

Comparison of SOC 1, SOC 2 and SOC 3 Reports SOC 1 Reports SOC 2 Reports SOC 3 Report Under what SSAE No. 16, Reporting AT 101, Attestation AT 101, Attestation professional on Controls at a Service Engagements Engagements standard is the Organization engagement performed? AICPA Guide, Applying AICPA Guide, Reporting on AICPA Technical Practice SSAE No. 16, Reporting Controls at a Service Aid, Trust Services Principles, on Controls at a Service Organization Relevant to Criteria, and Illustrations Organization Security, Availability, Processing Integrity, Confidentiality, or Privacy What is the Controls at a service Controls at a service Controls at a service subject matter of organization relevant to organization relevant to organization relevant to the engagement? user entities internal security, availability, security, availability, control over financial processing integrity processing integrity, reporting. confidentiality, or privacy. confidentiality, or privacy If the report addresses the If the report addresses the privacy principle, the service privacy principle, the service organization’s compliance