Your Business News

AICPA – New Service Organization Controls (SOC) Guidance

March 15, 2023

Authored by RSM Canada LLP

Joel A. Humphrey, CPA, CA shared this article

ARTICLE | March 15, 2023

What could updated SOC 2 and 3 guidance mean for your organization?

The AICPA recently released updated guidance to assist teams in implementing System and Organization Controls (SOC) 2 and 3 reports. While the new guidance is generally directed toward the service auditors that perform SOC engagements, any service organizations that produce these reports for their customers should familiarize themselves with the new guidance to understand the impacts on their existing reports.

These changes are designed to adapt to evolving threats and dynamics in the marketplace and ultimately improve the strength of the SOC reports. The AICPA guidance does not necessarily include any new requirements, but it does provide new implementation guidance and focus points for meeting the requirements of the attestation standards.

The AICPA has released a new reporting guide, as well as description criteria with revised implementation guidance and Trust Services Criteria with revised focus points. The new implementation guidelines are already in effect, with all reporting periods after Oct. 15, 2022, subject to the updated documentation.  

Inside the AICPA updates

How you apply the guidance for SOC reporting may change. It may take more time, and processes may require more attention without proper preparation. Your organization needs to be ready if a SOC engagement needs to be performed differently under the new guidance.

The new implementation guidance provides factors to consider when judging the extent of disclosures and necessary controls relevant to certain Trust Services Criteria. Two significant updates include guidance for when additional security frameworks are included within an organization’s service commitments or system requirements and disclosing if the organization is a data controller and/or data processor when using the privacy category.

The various guidance revisions did not alter the current criteria in the 2017 TSC. Therefore, depending on your specific system, your current SOC report may have little to no impact. Organizations should consider these changes when completing their next risk assessment.

Be prepared for potential changes

If you utilize SOC 2 or 3 reports, you need to understand how changes to the SOC reporting process could affect your organization. The experienced RSM SOC team can provide effective direction to detail any necessary reporting adjustments and help you prepare accordingly.

Contact us to discuss the new guidelines and how to continue to demonstrate your commitment to internal controls, security, and data protection, and leverage the full value of SOC reporting.

Let's Talk!

Call us at 1 855 363 3526 or fill out the form below and we'll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

RSM Canada Alliance provides its members with access to resources of RSM Canada Operations ULC, RSM Canada LLP and certain of their affiliates (“RSM Canada”). RSM Canada Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM Canada. RSM Canada LLP is the Canadian member firm of RSM International, a global network of independent audit, tax and consulting firms. Members of RSM Canada Alliance have access to RSM International resources through RSM Canada but are not member firms of RSM International. Visit for more information regarding RSM Canada and RSM International. The RSM trademark is used under license by RSM Canada. RSM Canada Alliance products and services are proprietary to RSM Canada.

FCR a proud member of RSM Canada Alliance, a premier affiliation of independent accounting and consulting firms across North America. RSM Canada Alliance provides our firm with access to resources of RSM, the leading provider of audit, tax and consulting services focused on the middle market. RSM Canada LLP is a licensed CPA firm and the Canadian member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM Canada Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.

For more information on how FCR can assist you, please call us at 1 855 363 3526

Important Notice:

FCR will now redirect you to CCH Portal where your FCR Client Portal login is located.

Share This