New Changes to Trust Services Criteria and SOC 2 Reporting

Summary

The AICPA continues to adjust and refine the SOC 2 reporting requirements. The most recent release includes significant changes to the Trust Services Criteria and also addresses cybersecurity risks while offering increased flexibility. The AICPA also issued a Description Criteria.

Details

Available for use now, the AICPA has recently released new Trust Services Criteria for SOC 2 reporting. The new criteria will be required for reports with a period that ends on or after December 16 of this year. The recent changes are significant, and require additional time and attention from the companies who issue SOC 2 reports. These changes include:

Trust Services criteria now align with COSO 2013 and lay out points of focus
Five principles are now called five categories
Trust Services criteria, adjusted to better address cybersecurity risks
Separate Description Criteria requirements that specify requirements of the system description, along with implementation guidance.

Effective Date and Transition

Companies are required to use the new criteria for all reports whose period ends on or after December 16^th, 2018.

BDO Insights

Prepare for the new standards – sooner rather than later.

If you issue SOC 2 reports or plan to issue a SOC 2 report, it’s essential for your business to understand the new SOC 2 requirements – and how they’ll impact your organization’s SOC 2 reporting process. Early preparation will help companies stay ahead of the curve when it comes to attestation.

BDO’s Third Party Attestation Practice team is dedicated to providing high quality System and Organization Controls attestation services. Backed by one of the world’s largest global networks, BDO tailors SOC services to meet our clients’ unique needs, allowing us to deliver them in the most efficient and cost-effective way possible. Whether you’ve obtained a SOC 2 report in the past, or are planning to do so in the future, we can help you:

Gain an understanding of the reporting needs in light of the updates to the Trust Services Criteria and the Description Criteria;
Develop a SOC 2 reporting plan for the new requirements;
Complete an assessment/gap analysis based on selected SOC 2 criteria against the new requirements;
Identify any reporting gaps to determine any necessary incremental controls and system description updates.

FEATURED

Prepare for the SEC’s Climate Risk Disclosures

Prepare for the SEC’s Climate Risk Disclosures

BDO's Legal Tech Talk Podcast

BDO's Legal Tech Talk Podcast

Cost Optimization Strategies for Resilient Growth

Cost Optimization Strategies for Resilient Growth

FEATURED

2024 BDO CFO Outlook Survey

2024 BDO CFO Outlook Survey

2024 Healthcare Stability Outlook Report

2024 Healthcare Stability Outlook Report

FEATURED

2024 BDO CFO Outlook Survey

2024 BDO CFO Outlook Survey

The Internal Auditor’s Artificial Intelligence Strategy Playbook

The Internal Auditor’s Artificial Intelligence Strategy Playbook

Frequently Asked Questions Related to Employee Stock Ownership Plans

Frequently Asked Questions Related to Employee Stock Ownership Plans

FEATURED

BDO Is Proud to Be an ESOP Company

BDO Is Proud to Be an ESOP Company

BDO Named One of America’s Greatest Workplaces for Diversity

BDO Named One of America’s Greatest Workplaces for Diversity

BDO USA Announces Social Impact Strategy

BDO USA Announces Social Impact Strategy

New Changes to Trust Services Criteria and SOC 2 Reporting

Summary

Details

Effective Date and Transition

BDO Insights

Third Party Attestation Asset Management Alert: T+1 is Rapidly Approaching. Are You Ready?

Third Party Attestation Asset Management Alert: T+1 is Rapidly Approaching. Are You Ready?

Balancing Act: Navigating the Promise and Pitfalls of AI and Emerging Technologies

Balancing Act: Navigating the Promise and Pitfalls of AI and Emerging Technologies

Planning for Post Quantum for Enterprises

Planning for Post Quantum for Enterprises

Need a Privacy Control and Reporting Framework?

Need a Privacy Control and Reporting Framework?

Prepare for the SEC’s Climate Risk Disclosures

Prepare for the SEC’s Climate Risk Disclosures

BDO's Legal Tech Talk Podcast

BDO's Legal Tech Talk Podcast

Cost Optimization Strategies for Resilient Growth

Cost Optimization Strategies for Resilient Growth

2024 BDO CFO Outlook Survey

2024 BDO CFO Outlook Survey

2024 Healthcare Stability Outlook Report

2024 Healthcare Stability Outlook Report

2024 BDO CFO Outlook Survey

2024 BDO CFO Outlook Survey

The Internal Auditor’s Artificial Intelligence Strategy Playbook

The Internal Auditor’s Artificial Intelligence Strategy Playbook

Frequently Asked Questions Related to Employee Stock Ownership Plans

Frequently Asked Questions Related to Employee Stock Ownership Plans

BDO Is Proud to Be an ESOP Company

BDO Is Proud to Be an ESOP Company

BDO Named One of America’s Greatest Workplaces for Diversity

BDO Named One of America’s Greatest Workplaces for Diversity

BDO USA Announces Social Impact Strategy

BDO USA Announces Social Impact Strategy

New Changes to Trust Services Criteria and SOC 2 Reporting

Summary

Details

Effective Date and Transition

BDO Insights

SHARE

Related Resources

Third Party Attestation Asset Management Alert: T+1 is Rapidly Approaching. Are You Ready?

Third Party Attestation Asset Management Alert: T+1 is Rapidly Approaching. Are You Ready?

Balancing Act: Navigating the Promise and Pitfalls of AI and Emerging Technologies

Balancing Act: Navigating the Promise and Pitfalls of AI and Emerging Technologies

Planning for Post Quantum for Enterprises

Planning for Post Quantum for Enterprises

Need a Privacy Control and Reporting Framework?

Need a Privacy Control and Reporting Framework?