[Verse 1]
Service organizations open their vault doors wide
Third-party auditors peek beneath the corporate hide
SOC 2 speaks to users who already comprehend
SOC 3 broadcasts trust to markets without end
Five criteria stand like sentries at the gate
Security, availability won't hesitate

[Chorus]
SACPP - remember the five
Security, Availability keeping data alive
Confidentiality locks what should stay sealed
Processing Integrity - truth gets revealed
Privacy protects what belongs to each soul
Trust Services Criteria make the system whole

[Verse 2]
Type One freezes time like a photograph frame
Design effectiveness bears the auditor's name
Type Two spans months with operational proof
Testing controls beneath the corporate roof
Management assertions written bold and clear
Service auditor's opinion crystal sheer

[Chorus]
SACPP - remember the five
Security, Availability keeping data alive
Confidentiality locks what should stay sealed
Processing Integrity - truth gets revealed
Privacy protects what belongs to each soul
Trust Services Criteria make the system whole

[Bridge]
Restricted use for SOC 2 reports
General use when SOC 3 supports
Complementary user entities in scope
Internal controls give stakeholders hope
SSAE eighteen governs examination rules
AICPA standards sharpen professional tools

[Verse 3]
Description criteria paint the service map
Control criteria fill each potential gap
Suitable design meets objectives true
Operating effectiveness carries companies through
Subservice organizations may complicate
Carve-out, inclusive methods separate

[Chorus]
SACPP - remember the five
Security, Availability keeping data alive
Confidentiality locks what should stay sealed
Processing Integrity - truth gets revealed
Privacy protects what belongs to each soul
Trust Services Criteria make the system whole

[Outro]
From cloud providers to payroll firms alike
SOC engagements help stakeholders strike
The balance between risk and digital trust
In our interconnected world, assurance is a must