系统和组织控制(SOC)报告是由独立第三方审计师对盖雅进行审计而出具的独立审计报告,该报告向盖雅客户说明了盖雅的关键控制和控制目标。
SOC2报告是针对盖雅提供服务的安全性、可用性、机密性及隐私性相关的内控机制进行鉴证的独立审计报告。
审计是根据美国注册会计师协会 (AICPA) 制定的 SOC 2 可信服务标准与安全、可用及机密性相关的原则标准的独立审计。
SOC 2 报告以独立第三方审计公司的意见作为结论,体现了盖雅内部控制描述的客观性。同时审计事务所对盖雅内部控制的合理性进行评估,包括控制是否在指定周期内执行,是否执行有效。
SOC 2和SOC 3 报告都是根据SSAE 18标准进行的认证检查,主要区别在于SOC 2包含了详细的内控信息,是受控访问的报告,而SOC 3是SOC 2报告的精简版本,是面向公众的报告。
我方得悉安永华明会计师事务所(特殊普通合伙)上海分所(“安永”)已获苏州盖雅信息技术有限公司(“客户”)委托,提供SOC 2 类型二报告鉴证服务(“服务”)。我方已要求客户向我方提供安永就服务编撰的服务机构鉴证报告副本(包括当中任何部分、摘要及/或概要,称为“报告”)。
我方了解(1)所进行的服务及所编撰的报告,仅以客户为受益人及仅供客户使用,并非作任何其它用途;(2)安永概不会就服务或报告是否充分而对我方作出任何声明或保证;及(3)如安永已获委托提供额外服务或程序,安永可能已注意的其它事宜经已在报告中提及。
本服务不构成(1)按照公认审计准则对财务报表的审计、审阅或查核;(2)按照美国注册会计师协会/香港会计师公会/中国注册会计师协会或其他相关的注册会计师协会的专业准则对预期财务报表的查核;或(3) 发现舞弊或非法行为的程序。本服务也不包括执行任何程序以测试任何司法管辖区法律或法规的遵循情况。
我方进一步确认并同意(1)我方并未获得针对安永、任何其它全球安永网络的成员公司、或彼等各自的关联公司、合伙人、代理、代表或员工(合称“安永各方”)的任何权利,而安永概不会就服务或我方使用报告承担任何义务或责任;(2)我方不会依赖于报告;及(3)我方不会依据任何适用的证券法的任何条文对本函件之任何规定的有效性提出争议。
此外,除非是(1)在法律程序的强制下披露(在此情况下我方应立即通知安永并根据安永的选择为安永提供辩护);(2)报告中涉及的任何交易的税务处理及税务架构的任何内容(包括可能与理解任何交易的税务处理建议相关的任何事实);或(3)在安永的事先书面同意下披露,否则我方不会以口头或书面方式披露本报告,或在任何公开文件中为此事提及安永,或向任何第三方就此事提及安永。在我方获准披露本函件所载报告的范围内,我方只可披露由安永提供的该报告原始的、完整的及未经修改的版本,所有限制性的说明文字及其它约定应原封不动地予以保留,且我方将告知我们向其披露本报告的各方,不得为任何目的依赖、使用、传阅、引述或以其它方式参考报告。
我方(我们本身、我们的继任人及受让人)就此免除安永各方因我方就报告、使用报告或安永提供的服务而产生的针对安永各方的现有或其后可能提出或须提出的所有索赔及一切诉讼。我方将保障安永各方免受因下列事项引发的或与下列事项相关的索赔、责任、损失和服务费用,并将对安永各方进行补偿:(1)我方或我方代表违反本函件;及/或(2)任何直接或间接从我方或透过我方或按我方要求而获得报告的其他各方使用、披露或依赖报告。
本函件受中华人民共和国法律适用于其居民订约及全面履约的法律所规管,并按其诠释。
您需要对您通过盖雅官方渠道获取到SOC 2 Type II 报告承担相关保密责任,不得修改、散发报告或将报告传阅给第三方。如因您的违规行为造成盖雅及相关方财产或其他相关损失,您需要依照有关法律、法规、规章承担全部赔偿责任。
Ernst & Young Hua Ming LLP Shanghai Branch (“EY”) has prepared the attached report (the “Report”) for the sole benefit and use of Suzhou GaiaWorks IT Co., Ltd. (the “Company”), and, for limited purposes in accordance with the requirements of the American Institute of Certified Public Accountants (the “AICPA”), the Company’s existing user entities and their auditors. In addition, certain prospective user entities, identified by the Company (collectively, each a “Recipient”), may have access to the Report subject to the terms of this agreement.
Your access to the Report is subject to your agreement, on behalf of yourself and the Recipient, to the terms and conditions set forth below. Please read them carefully.
By clicking on the “I ACCEPT” button below, you signify that you and the Recipient agree to be bound by these terms and conditions. Such acceptance and agreement shall be deemed to be as effective as a written signature by you, on behalf of yourself and the Recipient, and this agreement shall be deemed to satisfy any writings requirement of any applicable law. Distribution or disclosure of any portion of the Report or any information or advice contained therein to persons other than the Company is prohibited, except as provided below.
1. EY was engaged by the Company to perform a Type 2 Examination of controls at the Company in accordance with the criteria for a description of a service organization’s system set forth in the Description Criteria DC section 200, 2018 Description Criteria for a Description of a Service Organization’s System in a SOC 2 Report (the “Description Criteria”) and the suitability of the design and operating effectiveness of controls included in the Description throughout the period from December 1, 2019 to May 31, 2020 to provide reasonable assurance that the service commitments and system requirements were achieved based on the trust services criteria for Security, Availability, Confidentiality and Privacy set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (the “applicable trust services criteria”). The Recipient has requested the Company to provide it with a copy of the Report prepared by EY in connection with such engagement.
2. The Services were undertaken, and the Report was prepared, solely for the benefit and use of the Company, its existing user entities, and their auditors, and was not intended for any other purpose, including the use by prospective user entities of the Company. EY has made no representation or warranty to the Recipient as to the sufficiency of the Services or otherwise with respect to the Report. Had EY been engaged to perform additional services or procedures, other matters might have come to EY’s attention that would have been addressed in the Report.
3. The Services did not (a) constitute an audit, review or examination of financial statements in accordance with generally accepted auditing standards of the AICPA or the standards of the Public Company Accounting Oversight Board, (b) constitute an Examination of prospective financial statements in accordance with applicable professional standards or (c) include procedures to detect fraud or illegal acts to test compliance with the laws or regulations of any jurisdiction.
4. The Recipient (a) does not acquire any rights against EY, any other member firm of the global Ernst & Young network, or any of their respective affiliates, partners, agents, representatives or employees (collectively, the “EY Parties”), and EY assumes no duty or liability to the Recipient, in connection with the Services or its access to the Report; (b) may not rely on the Report; and (c) will not contend that any provisions of United States or state securities laws could invalidate or avoid any provision of this agreement.
5. Except where compelled by legal process (of which the Recipient shall promptly inform EY so that EY may seek appropriate protection), the Recipient will not disclose, orally or in writing, any Report or any portion thereof, or make any reference to EY in connection therewith, in any public document or to any third party.
6. The Recipient (for itself and its successors and assigns) hereby releases each of the EY Parties, from any and all claims or causes of action that the Recipient has, or hereafter may or shall have, against them in connection with the Report, the Recipient’s access to the Report, or EY’s performance of the Services. The Recipient shall indemnify, defend and hold harmless the EY Parties from and against all claims, liabilities, losses and expenses suffered or incurred by any of them arising out of or in connection with (a) any breach of this agreement by the Recipient or its representatives; and/or (b) any use or reliance on the Report by any party that obtains access to the Report, directly or indirectly, from or through the Recipient or at its request.
7. This agreement shall be governed by, and construed in accordance with, the laws of the People’s Republic of China applicable to agreements made and fully to be performed therein by residents thereof.
By entering your company information and your email you agree to be bound to the terms of this Agreement. If you are entering into this Agreement for an entity, such as the company you work for, you represent to us that you have legal authority to bind that entity.
