How to Decode Third-Party SOC 2 Reports Recording
Join this webinar to learn how to analyze the effectiveness of a vendor's security controls consistently with the rest of your third-party estate.
Instead of completing a full standards-based risk assessment, some vendors simply submit their most recent SOC 2 report. However, for organizations that lack the expertise and resources, interpreting these SOC 2 reports can be complex and time-consuming – not to mention inconsistent with how other vendors are assessed.
How do you simplify the process of analyzing SOC 2 reports and get what you need to visualize important vendor risks?
Join us as we discuss how to analyze the effectiveness of a vendor's security controls consistently with the rest of your third-party estate.
- Deconstruct a typical SOC 2 report, including the five Trust Services Principles
- Explain how to map SOC 2 report control exceptions into risks in a common vendor risk and security framework
- Describe best practices to remediate a vendor's SOC 2 control deficiencies
Thomas Humphreys, Compliance Expert & Content Manager, Prevalent