This webcast will walk you through a SOC 2 report, giving you enhanced knowledge of essential information for preparing or reviewing SOC 2 reports. Avoid potential pitfalls. For service auditors and user entities new to SOC 2 reporting, not understanding the report contents can result in reporting deficiencies or inappropriate identification of key information. This webcast presents the contents of each section of a SOC 2 report, highlighting key items of interest. As a user or user auditor, you will be better able to identify pertinent information that affects your organization or audit work. And as a service provider or service auditor, you will be better able to recognize what users are looking for and meet the requirements of SSAE No. 18. Take this course as an introduction to SOC 2 reporting, to strengthen your foundational knowledge as you perform SOC 2 examinations as a service auditor or as you review SOC 2 reports as a user entity or user auditor.
DESIGNED FOR
'- Service auditors with 0−2 years of experience
- Service organization management
- Users (user entities and user entity auditors)
- Security managers involved in vendor management
BENEFITS
- Recognize the sections within a SOC 2 report and responsibility for each, including complementary subservice organization controls (CSOCs).
- Identify key elements when reviewing a SOC 2 report, including complementary user entity controls (CUECs) and report opinion types
- Recall considerations related to exceptions, bridge letters, and SOC 3® reports.
HIGHLIGHTS
Sections within a SOC 2 report
CUEC considerations
Inclusive versus carve-out methods of reporting on controls at sub-service organizations
Report opinion types
SOC 3 reporting
Bridge letters COURSE LEVEL
Basic
PREREQUISITES
None