<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">

SUITE OF SERVICES services menu

Hamburger-menu.png
MobileSearchIcon.png
Brightline-BlogBanner.jpg

THE SCHELLMAN ADVANTAGE BLOG

< BACK TO BLOG HOME

Rest In Peace SOC 3 Seal

Written by AVANI DESAI on Oct 29, 2014

rest-in-peace-soc-3-seal

On October 2, 2014, the AICPA and CPA Canada announced their joint decision to discontinue the seal programs for Systrust and SOC 3 Systrust for Service Organizations.

 

In their announcement, the AICPA and CPA Canada stated that both of these organizations recognize that there has been growth in the attestation/assurance services market, especially in the area of systems reliability and service organization controls - and it's with this in mind that they will continue to ensure the effectiveness of these services despite the seal program coming to an end.

This doesn’t mean that the SOC 3 examination is gone, just the seal. According to Bryan Walker, Director of Practitioner Support, CICA:

The SOC 3 for SysTrust for Service Organizations will remain as part of the initiatives for Service Organization Controls. The SOC 3 seal program will be terminated and the SOC 3 seal will no longer be available.

Therefore, service organizations still complete a SOC 3 examination, which provides a shorter report than a SOC 2 examination including only the auditor's opinion, management’s assertion and the system description.

So what does that mean for service organizations that underwent a SOC 3 examination?

After December 31, 2014, only the seal that was jointly managed by the AICPA and CPA Canada will not be provided to service organizations.. Meanwhile, a seal that has already been issued under an existing license will remain active through its expiration date. Seals will still be issued through to December 31, 2014, to any SysTrust and SOC 3 engagements currently in progress - including renewals of existing SOC 3 SysTrust for Service Organization and SysTrust seals. After that date, however, anyone who continues to use SysTrust related marks must disclose to clients that the seal program is not active, and is not supported by or associated with AICPA and CPA Canada.

Also, do not fret; service organizations can still complete the SOC 2 examination, which will still provide the user entity the same level of comfort – just not freely distributed.

You should also know that CPA Canada stated in the announcement that they are reviewing the WebTrust for Certification Authorities seal program. While it currently continues, the review is to determine whether the benefits of the program justify the resources necessary for its continuation.

Clearly, there is a lot of assessment and change underway- however, every effort has been made to see that these changes will not cause a disruption within the service organization control reporting world.

Topics: SOC Reports, WebTrust, SysTrust

AVANI DESAI

MEET THE WRITER

AVANI DESAI

PRINCIPAL AND SOC1 SUBJECT MATTER EXPERT

Avani Desai is the President at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not for profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female only venture philanthropic fund to solve problems related to women and children in the community.

COMMENTS