Self-Study Course Details
Course Description

System and Organization Controls (SOC) Assessments are used by service organizations that provide critical, third-party outsourcing services to other companies. Examples of services provided by these organizations include customer support, health care claims management, IT outsourcing services, and IT-based transaction processing, such as payroll processing.

Although these relationships may help companies increase revenues and reduce costs, they also introduce a new level of risk arising from interactions with the service organization and its systems.

While management can delegate responsibility for specific functions or processes to a service organization, management is still accountable for controls over those activities to shareholders, regulators, customers, boards of directors and other affected parties.

Since service organizations may have hundreds or even thousands of individual customers using their services, handling audit requests from that many customers would be overwhelming for the service provider. To help manage that audit process, the service organization can engage an independent outside party to perform a review of its controls that are relevant to the security, availability, integrity and confidentiality of its systems. This is the concept of “audit once – serve many” reporting.

While a SOC 1 assessment focuses on Internal Control over Financial Reporting (ICFR), in this course, we will explore the SOC 2 assessment that focuses on Trust Services Criteria and the scope/timing of testing that can be included in the SOC 2 report. 

Learning Objectives
  • Identify the Seventeen Principles of the COSO Integrated Control Framework, and how they apply to the SOC 2 Assessment.
  • Recognize the Five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality and Privacy, and the impact they have on the SOC 2 Assessment.
  • Discover the details of the Security Criteria, including: Logical and Physical Access Controls, Systems Operations Controls, Change Management Controls and Risk Mitigation Controls.
  • Distinguish between the different sections of a SOC 2 report.
Prerequisites
  • None
Advanced Preparation

None

Author Details
  • Doug Menendez

    Doug has over 40 years of experience in IT Audit, Security, Compliance, and Risk Management in a variety of industries. He is currently an Instructor in Webster University’s nationally recognized Cybersecurity program. Doug holds an MBA from Saint Louis University, and is a Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA). He served on the Board of Directors of CyberUp, a St. Louis-based nonprofit organization that focuses on cybersecurity apprenticeships and youth education programs. Doug was also on the Executive Committee of GHECC, the Gateway Higher Education Cybersecurity Consortium. He is a published author in books and professional journals, and is an experienced speaker at local, regional, national and international conferences.

    About Security, Audit & Recovery Solutions, LLC

    Doug launched his own LLC in 2019, providing solutions to clients with Cybersecurity, IT Audit and Risk Management needs.

NASBA Sponsor
  • National Registry of CPE Sponsors for the QAS self-study delivery method
    Encoursa is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: NASBAregistry.org.

$79.00

CPE
  • Webinars: CPE certificates will be accessible through your dashboard 1 hour after a webinar concludes.

    Self-Study: CPE certificates will be accessible through your dashboard immediately after passing the qualified assessment.

    For specific instructions on accessing your CPE, please see our FAQ section on our support page.

  • Multiple Attendees on Webinars: Each attendee should register separately for the webinar. If more than 1 attendee participated from the same device, please contact us after the event to let us know. For group signups for paid events, please contact us.
