Browse Information Systems and Controls (ISC)
-
-
- 3.1 COSO Internal Control – Integrated Framework: Relevance to Information Systems
- 3.2 COSO ERM for IT: Risk Management Across Digital Environments
- 3.3 COBIT 2019 Overview: Governance System Principles and Components
- 3.4 Other Influential Standards and Regulations (e.g., PCI DSS, HIPAA, GDPR)
- 3.5 ITIL and IT Service Management Overviews
-
-
- 10.1 Change Control Concepts: Policies and Procedures
- 10.2 Environments and Testing (Development, QA/Staging, Production)
- 10.3 Patch Management: Risks and Controls
- 10.4 Continuous Integration and Continuous Deployment in Modern DevOps
- 10.5 Systems Development Life Cycle (SDLC): Waterfall vs. Agile/DevOps
-
-
-
-
-
Chapter 24: SOC 2® Examinations
In this section
-
Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy)
Explore the five key Trust Services Criteria in SOC 2® examinations—Security, Availability, Processing Integrity, Confidentiality, and Privacy—and their alignment with the COSO Internal Control Framework.
-
SOC 2® Description Criteria and System Boundaries
Learn how to define SOC 2® system boundaries effectively while aligning with the AICPA’s Description Criteria. Avoid misrepresentations, refine scoping, and ensure accurate control coverage for high-quality SOC 2® examinations.
-
Risk Assessment and Testing Controls for SOC 2®
Learn how to identify and evaluate risks within each SOC 2® trust service category and apply effective control testing methodologies to ensure a reliable, secure, and compliant environment.
-
Evaluating Deviations, Exceptions, and Forming the Opinion
Learn how to weigh exceptions discovered during SOC 2® fieldwork, conclude their severity, and effectively form the final opinion in compliance with trust services criteria.
