Get comfortable with SOC 2® reports. Avoid potential pitfalls. For service auditors and user entities new to SOC 2® reporting, not understanding the report contents can result in reporting deficiencies or inappropriate identification of key information. How will this course benefit you? This course presents the contents of each section of a SOC 2® report, highlighting key items of interest. As a user or user auditor, you will be better able to identify pertinent information that affects your organization or audit work. And as a service provider or service auditor, you will be better able to recognize what users are looking for and meet the requirements of SSAE No. 18.
Why take this course? Take this course as an introduction to SOC 2® reporting, to strengthen your foundational knowledge as you perform SOC 2® examinations as a service auditor or as you review SOC 2® reports as a user entity or user auditor.
• Service auditors with 0–2 years of experience • Service organization management • Users (user entities and user entity auditors) • Security managers involved in vendor management
•Recognize the sections within a SOC 2® report and responsibility for each, including complementary subservice organization controls (CSOCs).
•Identify key elements when reviewing a SOC 2® report, including complementary user entity controls (CUECs) and report opinion types.
•Recall considerations related to exceptions, bridge letters, and SOC 3® reports.
•Sections within a SOC 2® report
•Inclusive versus carve-out methods of reporting on controls at subservice organizations
•Report opinion types
•SOC 3® reporting