SOC Certification Similar to ISO 27001 Certification?

April 14, 2015 Debbie Zaller

Is there a SOC certification similar to an ISO 27001 Certification?

SOC reporting is not actually considered a certification. Because SOC reports are performed under AICPA attestation standards, they are considered attestation reports. An attestation report provides an opinion by an independent practitioner/auditor attesting to certain elements of a service organization's control environment; which elements depends on the SOC report or attestation standard. This is different from an ISO certification, which determines the conformity of an organization's ISMS to the ISO 27001 standard.

About the Author

Debbie Zaller

Debbie is Principal and co-owner at Schellman & Company, LLC. She began her career in 2000 while working at Arthur Andersen in their Technology Risk Assurance practice. Debbie now leads the Midwest Region along with the Privacy, SOC 2 and SOC 3 service lines and is also on the AICPA’s SOC Specialist Task Force. She is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee. She also served on the AICPA’s Advanced SOC for Service Organizations Certificate Task Force.
