SOC 2 Compliance: ALL The Essentials Simplified

SOC 2 isn't the only SOC out there! 🧦

In this episode Cera Adams breaks down these SOC reports and what to expect in a SOC audit!

Here are a few highlights from this episode:

Why CPAs are involved
What SOC 1 / SOC 2 / SOC 3 reports mean to providers and consumers
Difference between SOC 2 Type 1 and Type 2 reports
How SOC scoping and audits work
SOC consulting/audit independence requirements

Cera is the Director of IT Assurance Services and leads OCD Tech's SOC 2 and IT Audit Practices. She has more than 20 years of experience in information security!

I've spent most of my career working in the NIST cybersecurity space, so this was very interesting to me!

I thought that the SOC 3 report was interesting, especially since many other frameworks don't have an equivalent.

What were your takeaways? What is your best SOC pun? Let me know in the comments!

Follow Cera on LinkedIn:   / ceraadams  

OCD Tech Website: https://ocd-tech.com/

-----------

Thanks to our sponsor Vanta!

Want to save time filling out security questionnaires?

Experience questionnaire automation here: https://vanta.com/grcacademy

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_so...

00:00 Beginning
00:57 Background on SOC
02:47 SOC 2022 Update
03:33 Who Needs SOC and Scoping
05:13 SOC 1
08:24 SOC 2
15:33 SOC 3
16:34 SOC Compared to other Cyber Assessments
20:35 War Stories
21:47 Conclusion

#soc2 #cybersecurity #informationsecurity