+ 001 0231 123 32



All demo content is for sample purposes only, intended to represent a live site. Please use the RocketLauncher to install an equivalent of the demo, all images will be replaced with sample images.

Trusted Advisors to Businesses throughout North America

3 minutes reading time (632 words)

SOC 2 Reporting Framework and the Top 10 Items You Need to Know About | Part II

4. Learn about AT Section 101. If you are a service organization seeking SOC 2 compliance, be sure to take note of the following technical aspects of AT Section 101. In short, AT 101 is the professional AICPA standard used for reporting on subject matters other than those relating to financial statement reporting for internal controls. 

Additionally, any practitioner performing an engagement in accordance with AT 101 is to adhere to five (5) general standards for audit professionalism. In short, it’s about being independent, doing your job as an auditor, and performing the assessment and reporting on your findings, and that’s really all you need to know.

Picking a high-quality CPA firm – an organization with years of regulatory compliance expertise and professionalism – will help ensure the AT 101 protocols are being followed. To learn more about SOC 2 and receive a competitively priced, fixed-fee proposal, speak with CPA Christopher Nickell at 1-800-277-5415, ext. 706, or email Chris at This email address is being protected from spambots. You need JavaScript enabled to view it..

5. Understand the differences between SOC 1 and SOC 2. Sure, there are numerous differences between SOC 1 and SOC 2, and here are a few of the more notable points you need to know regarding SOC 1 vs. SOC 2.

  • SOC 1 reporting utilizes the SSAE 18 professional standard.
  • SOC 2 reporting utilizes the AT 101 professional standard and incorporates “common criteria” as it audit basis.
  • SOC 1 is intended for reporting on controls that relating to Internal Control over Financial Reporting (ICFR).
  • SOC 2 is intended for reporting on non-financial controls, such as the growing list of technology companies.

More and more businesses are shifting to SOC 2 – why – because in today’s world technology is permeating every industry, and the SOC 2 assessment process is becoming the best avenue for reporting on technology controls for service organizations. SSAE 18 SOC 1 is still a very viable assessment platform – and it has its rightful place – but should not be performed for technology companies. Yes, we still see the likes of data centers and other businesses “still” undergoing SSAE 18 SOC 1 compliance, but it’s not the ideal choice.

In establishing this new SOC framework, the AICPA took into account a number of pressing factors. The outdated nature of the SAS 70 auditing standard, as well as the need to embrace international accounting standards, were both taken into account. When paired with the rapidly growing number of technology and cloud computing based service organizations, a shift towards a more suitable reporting platform seemed necessary. Let’s just say that SOC 2 is on the move – in a good way – growing steadily in terms of recognition and use, as the likes of data centers to cloud providers are all performing annual SOC 2 audits.

6. Develop a description of the "system". A core requirement of SOC reporting is the description of one's "system", which is, a comprehensive narrative that describes the following:

“the services provided, along with the supporting processes, policies, procedures, personnel and operational activities that constitute the service organization's core activities that are relevant to user entities.” The description of the system can take some time to develop, but in all honesty, a large amount of the documentation is collaboratively developed by the service organization and the CPA firm performing the audit, so keep this in mind.

View Part I and Part III of the SOC 2 Reporting Framework Essentials White Paper.

Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

SOC 2 Reporting Framework and the Top 10 Items You...
SOC 2 Reporting Framework and the Top 10 Items You...

Get A Free Quote Today!

Fill out my online form.