NASBA Field of Study
Sections within a SOC 2 report
Inclusive versus carve-out methods of reporting on controls at subservice organizations
Report opinion types
SOC 3 reporting
Recognize the sections within a SOC 2 report and responsibility for each, including complementary subservice organization controls (CSOCs).
Identify key elements when reviewing a SOC 2 report, including complementary user entity controls (CUECs) and report opinion types.
Recall considerations related to exceptions, bridge letters, and SOC 3® reports.
Service auditors with 0−2 years of experience
Service organization management
Users (user entities and user entity auditors)
Security managers involved in vendor management