Description
Gain an understanding of what a SOC 1 and SOC 2 encompass, the general process, and the benefits of this type of report.Many companies are being faced with the requirement to receive SOC 1 or SOC 2 reports as part of the RFP process, or perhaps it’s something considered industry standard and required as a barrier of entry. Oftentimes, the thought of a security audit is not only nervewracking, but they also cost money. With that said, understanding exactly what type of report your organization needs and how the process should look is key to a successful audit. This presentation will help organizations gain an understanding of what a SOC 1 and SOC 2 encompass, the general process, and who can benefit from this type of report. Additionally, we will review the composition of the report so that if you are reviewing a SOC report as part of vendor due diligence, the key portions of the report can be navigated. This presentation is critical for cloud service organizations who are either considering the need for a SOC report or being required to obtain a SOC report in the future. Additionally, this presentation can be helpful for organizations that rely on cloud service organizations for critical business processes as part of the services being provided.
Date: 2023-07-14 Start Time: End Time:
Learning Objectives
Understanding a SOC 1
• Definition and Purpose of a SOC 1 Report
• Overview of the Audit Process for SOC 1 Reports
• Explanation of the Control Objectives and Key Focus Areas in SOC 1 Reports
• Examples of Industries and Organizations That Typically Require SOC 1 Reports
Understanding a SOC 2
• Definition and Purpose of a SOC 2 Report
• Explanation of the Five Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy
• Overview of the Audit Process for SOC 2 Reports
• Example of Control Areas and Best Practices Covered in SOC 2 Reports
• Industries and Organizations That Commonly Request SOC 2 Reports
Key Benefits and Use Cases
• Discussion on the Benefits of Receiving SOC 1 and SOC 2 Reports
• Examples of How SOC 1 and SOC 2 Reports Can Enhance Trust, Credibility, and Compliance
• Use Cases and Scenarios Where Organizations Commonly Utilize SOC 1 and SOC 2 Reports
Preparing for a SOC 1 and SOC 2 Audit
• Overview of the Necessary Preparations and Documentation Required for a Successful Audit
• Tips for Selecting the Right Audit Firm and Engagement With Auditors
• Commons Challenges and How to Address Them During the Audit Process
• Strategies for Maintaining Compliance Between Audit Period
Understanding a SOC 3
• Definition and Purpose of a SOC 3 Report
• Restricted Reports vs. General Use Reports
Jaclynn Finney-Linford & Company, LLP, Hilary Stavrakas – Linford & Company, LLP
