SOC 2: What, Why and How

Date: Wednesday 25 September 2024
Time: 11:00 - 12:00
Location: Online

SOC 2 (Service Organization Control 2) is an information security control framework aimed at providing third-party assurance of a service organisation’s ability to manage and safeguard sensitive customer data. The framework focuses on adhering to specific criteria (security, availability, processing integrity, confidentiality, and privacy) for key systems.

SOC 2 assessments are conducted by independent certified public accountants (CPAs), who evaluate the effectiveness of your organisation's internal controls over a specified period. The flexibility of SOC 2 allows you to tailor your controls to specific needs, making it particularly relevant for SaaS organisations, cloud providers, and data centres. Unlike other information security standards such as the Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001, you do not obtain certification against SOC 2. Instead, the primary output of a SOC 2 audit is a SOC 2 report, which can then be passed on to any entities (typically customers) that have requested that you achieve SOC 2.

In this webinar, URM will be looking to address the following questions:

  • What is SOC 2?
    • What are the trust service criteria and how do you determine which of the 5 trust service criteria are applicable to your service?
    • What is the difference between a Type 1 and Type 2 report? What are the pros and cons of each?
  • Why is SOC 2 increasing in popularity? We look at some of the benefits, including flexibility and customisation, frequency of reporting and duration of assessment.
  • Who does it apply to? And what is a typical scope? How do you determine which of your services and processes should be in scope?
  • How do you prepare for a SOC 2 audit?
    • What are the stages of a SOC 2 audit and what is involved? What types of evidence will you need to provide?
    • How do you identify applicable sub-service organisations?
    • How do you engage a SOC 2 auditor?
  • What are the pitfalls to avoid?
  • What are the key success criteria?

Register for the event

Please note, we can only process business email addresses.

Submit your question

If you have any immediate questions, please use the form provided below to ask up to 3 questions. You will also be able to ask additional questions during the session. No question will be left unanswered.

Did you miss the live event? Do not worry. We are recording the webinar and will make the recording available within 24 hours after the webinar.

Did you miss the live event? Do not worry. We have recorded the webinar for you. Please watch the introduction to the webinar below. For the full recording please register using the form below the video.
