Vendor Management from a Vendor’s Perspective: Get Ready for the New SOC 2
For those of you who have just gotten used to the changes in the AICPA’s Trust Services Principles and the related SOC 2 examination requirements, it’s time to start getting ready for the new SOC 2. The AICPA’s Assurance Services Executive Committee (ASEC) issued an exposure draft last fall proposing revisions to the Trust Services Principles that will take effect for SOC 2 reports that are issued on or after December 15, 2018.
The new SOC 2 will align with the COSO 2013 framework, a significant change that will likely require service organizations to reorganize some of their internal controls and that will include criteria never included in previous versions of the Criteria. In addition, supplemental criteria will be added to better address cybersecurity risks, and the five principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy) will now be referred to as the Trust Services Categories to avoid confusion with the COSO terminology.
Even though the changes won’t take effect until later this year, service organizations need to plan for the changes now, to ensure that their internal controls are appropriate and will stand up to the new criteria.
During this complimentary webinar we covered:
- An overview of COSO 2013
- The mapping from the current TSP to the new COSO 2013 Framework
- The additional criteria that are required under the new framework
- The resources provided by the AICPA and their availability
- Answers to your questions based on what we know now
There are many changes that will accompany the new SOC 2 examination requirements, and some things may still seem unclear. Fill out the download form to access a copy of the recording, and let us walk you through the specific changes that will impact your service organization and the practical steps you can take to ensure you are effectively meeting the new requirements.