Elifoglu, I. HilmiGuzey, YildizTasseven, Ozlem2024-03-132024-03-1320140034-6454https://hdl.handle.net/20.500.12662/4078The Information Technology (IT) field has a habit of using buzzwords. Cloud Computing is one of these terms. Some companies are embracing the Cloud with enthusiasm, others are planning to use it, yet some have not heard about it. By 2020, 40 percent of digital information is expected to be created in the cloud, delivered to the cloud, or stored and manipulated in the cloud. 1 Clearly, the Cloud is here to stay. As seen during the last four decades, access to the latest technologies may be disruptive when they are not understood clearly. Just like any other new technology, cloud computing will impact many functional areas in a business enterprise. Before 2011, Cloud computing had been considered as a special case of outsourced IT operations by the American Institute of Certified Public Accountants (AICPA). In a typical outsourcing, the service user entity engaged a service organization to perform some of the business processes or functions on its behalf. As a large scale version of outsourcing, Cloud Computing will create new challenges and complications for management and auditors. After the replacement of Statement on Auditing Standards (SAS) 70 with Statement on Standards for Attestation Engagements (SSAE) 16 ( similar to the International Standard on Assurance Engagements (ISAE) 3402), most Cloud Service Providers will provide assurances to the Cloud Service Users within the framework of attestation standards instead of auditing standards. Outsourcing presents some challenges in itself, and cloud computing further complicates those challenges. The new framework allows three different deployment models in the form of Service Organization Controls (SOC), SOC 1, SOC 2, and SOC 3. It is crucial that cloud service providers and cloud service users and their auditors should carefully consider alternative SOC deployment models. The right SOC deployment model for the Cloud is SOC 2 or SOC 3. Unfortunately, many cloud providers are opting out for SOC 12 leaving little room for the development of SOC 2 reports.eninfo:eu-repo/semantics/closedAccessArticle8317635WOS:000420073700009N/A