How to Decode Third-Party SOC 2 Reports

Instead of completing a full standards-based risk assessment, some vendors simply submit their most recent SOC 2 report. However, for organizations that lack the expertise and resources, interpreting these SOC 2 reports can be complex and time-consuming – not to mention inconsistent with how other vendors are assessed.

How do you simplify the process of analyzing SOC 2 reports and get what you need to visualize important vendor risks?

Join us as we discuss how to analyze the effectiveness of a vendor's security controls consistently with the rest of your third-party estate.

Learning Objectives:

• Deconstruct a typical SOC 2 report, including the five Trust Services Principles
• Explain how to map SOC 2 report control exceptions into risks in a common vendor risk and security framework
• Describe best practices to remediate a vendor's SOC 2 control deficiencies

Speaker:

Thomas Humphreys, Compliance Expert & Content Manager, Prevalent

Additional Information:

Field of Study: Management Services

Prerequisites: None

Advanced Preparation: None

Program Level: Basic

Delivery Method: Group Internet Based

CPE Credit Notice

This is a group internet-based event for NASBA authorized continuing education credit. OCEG webinars are free for anyone to attend, but only Attendees who have an OCEG All Access Pass will receive a Certificate of Completion for the webinar indicating 1 hour of CPE credit.

OCEG is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have the final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org. For information regarding administrative issues such as complaints or refunds, please contact OCEG at info@oceg.org.