Free Site Registration

Cloud Security Group Endorses AICPA Cloud Controls Reporting Framework


The Cloud Security Alliance (CSA), a not-for-profit organization that promotes the use of best practices on security assurance within cloud computing, has officially endorsed the American Institute of CPA’s framework for evaluating technology-related controls and other safeguards used by cloud service providers.

 The AICPA’s reporting framework, known as Service Organization Control (SOC) Reports was developed in 2011 and consists of three major document types. The first – the SOC 1 report - deals with controls over financial reporting, and replaces the widely used SAS 70 report. The SOC 2 report,focuses on controls that bear on a service provider’s security, processing integrity and operating availability, as well as the confidentiality and privacy of data moving through its systems. SOC 3 is a compressed version of the SOC 2 and is designed for public distribution.

In a position paper released today, the CSA said that for most cloud providers a SOC 2 report “is likely to meet the assurance and reporting needs of the majority of users of cloud services, when the criteria for the engagement are supplemented by the criteria in the cloud controls matrix.”

The CSA’s position paper offers guidance to members on when a SOC 1 report is necessary, when a SOC 2 report is called for, and when both engagement types may be required.

“Technology-related compliance and operating integrity audits are becoming increasingly important as the adoption of cloud-based services become the norm for businesses,” said CSA executive director Jim Reavis. “The CSA Security Trust & Assurance Registry (STAR), serves as the standard for demonstrating transparent alignment with CSA security best practices and this paper is a major step forward in leveraging AICPA's popular reporting framework to consolidate attestation requirements and layer third party trust on top of CSA STAR.”

1 Comment

Informative article. Read a whitepaper about this very topic " Which SOC controls report is right for your organization " it offers valuable tips on SOC Controls reports , readers will find it very helpful @

Posted by: ksuresh | March 7, 2013 2:58 AM

Report this Comment

Add Your Comments...

Already Registered?

If you have already registered to Accounting Today, please use the form below to login. When completed you will immeditely be directed to post a comment.



Accounting Technology


The Virtual Firm

November 7, 2013

Jennifer Katrulya, CEO of the Business Management Resource Group, discusses how to run an accounting practice from an iPad or other mobile device in a virtual environment, in an interview with managing editor Tamika Cody at Accounting Today's Growth & Profitability Summit in Orlando.

Social Media Tips for Professional Services Firms

October 9, 2013

Social media strategist Adrian Dayton and BeachFleischman PC chief marketing officer Eric Majchrzak discuss how accounting firms and other professional services firms can use LinkedIn, Google+ and other social networks to market their offerings to potential clients, and use search engine optimization to showcase their content, in an interview with Accounting Today senior editor Danielle Lee.

Top 10 Tech Trends for 2014

March 3, 2014

As companies gain more affordable access to new technology and platforms, they also seek to make smarter investments. As we begin 2014, James Cashin, partner at McGladrey, has identified ten common strategies in how companies are capitalizing on their IT investments to best implement process improvements and increase performance.