Leading Cloud Security Group Endorses AICPA’s Reporting Framework for Evaluating Controls Over Cloud Providers

February 25, 2013

SOURCE: Cloud Security Alliance

NEW YORK (Feb. 25, 2013) – The American Institute of CPAs’ framework for evaluating technology-related controls and other safeguards used by cloud service providers has been endorsed by the Cloud Security Alliance (CSA), a not-for-profit organization that promotes the use of best practices on security assurance within cloud computing.

The AICPA’s reporting framework, known as Service Organization Control Reports℠, was developed in 2011 and consists of three major document types. The first – the SOC 1℠ report – deals with controls over financial reporting, and replaces the widely used SAS 70 report. The SOC 2℠ report, meanwhile, focuses on controls that bear on a service provider’s security, processing integrity and operating availability, as well as the confidentiality and privacy of data moving through its systems. A third report, SOC 3℠, is a compressed version of the SOC 2℠ and is designed for public distribution.

In a position paper released today, the CSA said that for most cloud providers a SOC 2℠ report “is likely to meet the assurance and reporting needs of the majority of users of cloud services, when the criteria for the engagement are supplemented by the criteria in the Cloud Controls Matrix.” The Alliance said it made its determination after a “careful consideration of alternatives.”

“Technology-related compliance and operating integrity audits are becoming increasingly important as the adoption of cloud-based services becomes the norm for businesses,” said Jim Reavis, executive director of the CSA. “The CSA Security Trust & Assurance Registry (STAR) serves as the standard for demonstrating transparent alignment with CSA security best practices and this paper is a major step forward in leveraging AICPA’s popular reporting framework to consolidate attestation requirements and layer third party trust on top of CSA STAR.”

The CSA’s position paper offers guidance to members on when a SOC 1℠ report is necessary, when a SOC 2℠ report is called for, and when both engagement types may be required. The document is the result of a close collaboration between the AICPA and the CSA, driven by their mutual goal of improving transparency and assurance in the cloud computing field.

“The cloud can create great efficiencies for businesses, but it also introduces challenges and complexities for those businesses and their stakeholders who rely on the information’s integrity, security and privacy,” said Susan Coffey, CPA, CGMA, senior vice president for public practice and global alliances. “We’re delighted that the Cloud Security Alliance has given its stamp of approval to Service Organization Control Reports as a mechanism to meet this reporting challenge, as well as to complement the security principles in its Cloud Controls Matrix.”

About the AICPA

The American Institute of Certified Public Accountants (AICPA) is the world’s largest member association representing the accounting profession, with nearly 386,000 members in 128 countries and a 125-year heritage of serving the public interest. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for audits of private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination and offers specialty credentials for CPAs who concentrate on personal financial planning; fraud and forensics; business valuation; and information technology. Through a joint venture with the Chartered Institute of Management Accountants (CIMA), it has established the Chartered Global Management Accountant (CGMA) designation to elevate management accounting globally.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

Media representatives are invited to visit the AICPA Press Center at aicpa.org/press.
