SlideShare a Scribd company logo

SOC 1 Overview

Schellman & Company
Schellman & Company

To compete in today's marketplace, your customers must have trust and confidence in your environment. The popularity of the SOC 1 report has been amplified with an increase in outsourcing relationships and customer mandates for a stronger control environment. * Review of the background and history * Definition of the AICPA Framework * Overview of the purpose and scope * Discussion of boundaries and benefits * Requirements of the examination process * Outline the anatomy of the report

Business
1 of 58
Download to read offline
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Background & Overview 01 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved OVERVIEW • SSAE 16 • SOC 1 • AT Section 801 • ISAE 3402
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE AUDITORS ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE PROVIDERS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER ENTITIES
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER AUDITORS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Overview of the AICPA Framework 02 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved AICPA SOC FRAMEWORK Applicable SOC-1 SOC-2 SOC-3 Standard/Guidance SSAE 16: AICPA Guide (2013) AT 101: AICPA Guide (2013) AT 101: Technical Practice Aid (2014) Scope ICFR Security/Systems, Privacy Security/Systems, Privacy Criteria Control Objectives Trust Services Principles/GAPP Trust Services Principles/GAPP Usage of report User auditor, user entity, management of SO Knowledgeable parties Anyone
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Purpose & Scope 03 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved WHY DO YOU NEED AN SOC REPORT? Regulatory requirements User entity mandates Outsourcing relationships Internal control analysis Independent 3rd party opinion Competition and market
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Focused on financial reporting risks
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SPECIFIED BY THE SERVICE ORGANIZATION • Operational/Application • General IT controls
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Boundaries 04 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved If there is internal control over financial reporting relevance, there is SOC 1 examination!
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • What SOC 1 does cover? • What SOC 1 does cover?
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • Limited for specific users • Limited purpose
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Anatomy 05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Service Auditor’s Report – “The Opinion” Management’s Assertion Description of the System Tests of Controls and Corresponding Results Additional Information – Provided by Service Organization REPORT STRUCTURE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Unqualified vs. Qualified SERVICE AUDITOR’S REPORT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Commitment - suitability and accuracy • SOX Section 302 certification • Subservice organizations MANAGEMENT’S ASSERTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Objective description of the services SYSTEM DESCRIPTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Management’s objective description of the services provided to user entities. SYSTEM DESCRIPTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Test procedures • Results • Deviations / Exceptions TEST OF CONTROLS / RESULTS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Information not related to ICFR ADDITIONAL INFORMATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Common Challenges and Benefits05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Impact on financial reporting • Legal / regulatory compliance • Impact on production /quality RELEVANCE TO CUSTOMERS’ ICFR
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • No financial reporting impact • Misuse of the report
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • Accurate use of report • User auditor expectations
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Contracts, RFP, SLA • AICPA website • Training and awareness • Executive communication • Discussion with service auditor EDUCATION & PREPAREDNESS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Insufficient timing • Silos / groups
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Demonstrates management’s responsibility and accountability • Promotes successful examination efforts
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Document client needs • Client discussions • Decide on report type
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Choosing the correct report • Trying to meet multiple compliance efforts as a single deliverable
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Meet ICFR regulatory or contractual mandates • Bolster trust and confidence • One exam meets multiple customer requests • Promote a stronger control environment
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Carve-out method emphasis • Subservice organization • Inclusive method requirements
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Obtaining cooperation / documentation for subservice organization(s)
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Focused and tailored report
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Type 1 • Type 2 REPORT TYPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient coverage • Implementation of controls REPORT TYPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Both attestation reports • Timeliness of report • Report coverage and content REPORT TYPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Perform a risk assessment RISK ASSESSMENT & SCOPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Accurate scope • Control identification RISK ASSESSMENT & SCOPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Pre-planning process • Better understanding of environment • Early identification of issues RISK ASSESSMENT & SCOPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Direct assistance • Use work of others INTERNAL AUDIT ASSISTANCE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Learning curve • Difference in testing strategies INTERNAL AUDIT ASSISTANCE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Professional fees and time • Understanding of environment • Evidence gathering and management INTERNAL AUDIT ASSISTANCE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Internally • Service auditors READINESS ASSESSMENT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Inaccurate description of process • Lack of resources READINESS ASSESSMENT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Increase success in the audit • Earlier remediation efforts • Better preparation • Documentation of the narrative READINESS ASSESSMENT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Policies/Procedures • Segregation of duties • Monitoring REMEDIATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient planning • Resource constraints • Timely remediation REMEDIATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Meet ICFR regulatory or contractual mandates • Bolster confidence • Promote a stronger control environment REMEDIATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Licensed CPA firm • Independent • Single Vendor Approach • Audit Team AUDIT FIRM SELECTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Lack of mature methodology • Remote only testing • Use of offshore resources AUDIT FIRM SELECTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Acceptable auditor to auditor communication • Value-added controls assessment process AUDIT FIRM SELECTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • SOC Overview • Examination Scoping • RFP Template • Sample Report Download SOC 1 PrepKit

Recommended

SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and YouSchellman & Company
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
HITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to knowHITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to know➲ Stella Bridges
 
ISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsNimonik
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 IntroductionAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Schellman & Company
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 

Recommended

SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and YouSchellman & Company
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
HITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to knowHITRUST 101: All the basics you need to know
HITRUST 101: All the basics you need to know➲ Stella Bridges
 
ISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsISO 37301 Compliance Management Systems
ISO 37301 Compliance Management SystemsNimonik
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 IntroductionAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Schellman & Company
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
10 Benefits of Implementing ISO/IEC 20000 in an Organization
10 Benefits of Implementing ISO/IEC 20000 in an Organization10 Benefits of Implementing ISO/IEC 20000 in an Organization
10 Benefits of Implementing ISO/IEC 20000 in an OrganizationPECB
 
ITIL and ISO 20000: Fundamentals and necessary compliance Synergies
ITIL and ISO 20000: Fundamentals and necessary compliance SynergiesITIL and ISO 20000: Fundamentals and necessary compliance Synergies
ITIL and ISO 20000: Fundamentals and necessary compliance SynergiesPECB
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
Cobit 5 - An Overview
Cobit 5 - An OverviewCobit 5 - An Overview
Cobit 5 - An OverviewAnurag Purohit
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security AuditMufaddal Nullwala
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
Adarsh Resume ISO27001
Adarsh Resume ISO27001Adarsh Resume ISO27001
Adarsh Resume ISO27001Adarsh HIRENALLUR
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSM
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSMISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSM
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSMGlobal Manager Group
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
New ISO 37301:2021
New ISO 37301:2021New ISO 37301:2021
New ISO 37301:2021Hernan Huwyler, MBA CPA
 
Iso 20000 standard implementation
Iso 20000 standard implementationIso 20000 standard implementation
Iso 20000 standard implementationIITSW Company
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationSchellman & Company
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR ProgramSchellman & Company
 

More Related Content

What's hot

Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPECB
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
10 Benefits of Implementing ISO/IEC 20000 in an Organization
10 Benefits of Implementing ISO/IEC 20000 in an Organization10 Benefits of Implementing ISO/IEC 20000 in an Organization
10 Benefits of Implementing ISO/IEC 20000 in an OrganizationPECB
 
ITIL and ISO 20000: Fundamentals and necessary compliance Synergies
ITIL and ISO 20000: Fundamentals and necessary compliance SynergiesITIL and ISO 20000: Fundamentals and necessary compliance Synergies
ITIL and ISO 20000: Fundamentals and necessary compliance SynergiesPECB
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001technakama
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSSSaumya Vishnoi
 
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSM
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSMISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSM
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSMGlobal Manager Group
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
Iso 20000 standard implementation
Iso 20000 standard implementationIso 20000 standard implementation
Iso 20000 standard implementationIITSW Company
 

What's hot (20)

Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
10 Benefits of Implementing ISO/IEC 20000 in an Organization
10 Benefits of Implementing ISO/IEC 20000 in an Organization10 Benefits of Implementing ISO/IEC 20000 in an Organization
10 Benefits of Implementing ISO/IEC 20000 in an Organization
 
ITIL and ISO 20000: Fundamentals and necessary compliance Synergies
ITIL and ISO 20000: Fundamentals and necessary compliance SynergiesITIL and ISO 20000: Fundamentals and necessary compliance Synergies
ITIL and ISO 20000: Fundamentals and necessary compliance Synergies
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
Cobit 5 - An Overview
Cobit 5 - An OverviewCobit 5 - An Overview
Cobit 5 - An Overview
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologies
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
Introduction to PCI DSS
Introduction to PCI DSSIntroduction to PCI DSS
Introduction to PCI DSS
 
Adarsh Resume ISO27001
Adarsh Resume ISO27001Adarsh Resume ISO27001
Adarsh Resume ISO27001
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSM
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSMISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSM
ISO 20000-1:2018 Awareness and Auditor Training PPT Presentation kit for ITSM
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
 
New ISO 37301:2021
New ISO 37301:2021New ISO 37301:2021
New ISO 37301:2021
 
Iso 20000 standard implementation
Iso 20000 standard implementationIso 20000 standard implementation
Iso 20000 standard implementation
 

Similar to SOC 1 Overview

Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationSchellman & Company
 
Innovation TVA Presentation Deck
Innovation TVA Presentation DeckInnovation TVA Presentation Deck
Innovation TVA Presentation DeckJoe Scherrer
 
Facilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside ContractorsFacilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside ContractorsServiceChannel
 
The Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise SolutionsThe Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise SolutionsGainsight
 
2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)CCR-interactive
 
Closing the Loop on Survey Programs
Closing the Loop on Survey ProgramsClosing the Loop on Survey Programs
Closing the Loop on Survey ProgramsGainsight
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightGainsight
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightPaul Slakey
 
Working Cross-Functionally at Gainsight
Working Cross-Functionally at GainsightWorking Cross-Functionally at Gainsight
Working Cross-Functionally at GainsightGainsight
 
Salesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From AonSalesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From AonRightpoint
 
Issues Management In The Digital Age
Issues Management In The Digital AgeIssues Management In The Digital Age
Issues Management In The Digital AgeCharlie Pownall
 
Best practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leadersBest practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leadersGainsight
 
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through EntitiesHow to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through EntitiesLibby Bierman
 
Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...Gainsight
 
Pulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor ChangePulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor ChangeMatt Hensler
 
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve..."How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...Tealium
 
Getting Value From Gainsight
Getting Value From GainsightGetting Value From Gainsight
Getting Value From GainsightGainsight
 
The keys to scaling your customer success program
The keys to scaling your customer success programThe keys to scaling your customer success program
The keys to scaling your customer success programGainsight
 
Usage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer SuccessUsage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer SuccessAnjanette Hill Mendoza
 

Similar to SOC 1 Overview (20)

Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR Program
 
Innovation TVA Presentation Deck
Innovation TVA Presentation DeckInnovation TVA Presentation Deck
Innovation TVA Presentation Deck
 
Facilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside ContractorsFacilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside Contractors
 
The Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise SolutionsThe Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise Solutions
 
2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)
 
Closing the Loop on Survey Programs
Closing the Loop on Survey ProgramsClosing the Loop on Survey Programs
Closing the Loop on Survey Programs
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses Gainsight
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses Gainsight
 
Working Cross-Functionally at Gainsight
Working Cross-Functionally at GainsightWorking Cross-Functionally at Gainsight
Working Cross-Functionally at Gainsight
 
Salesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From AonSalesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From Aon
 
Issues Management In The Digital Age
Issues Management In The Digital AgeIssues Management In The Digital Age
Issues Management In The Digital Age
 
Best practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leadersBest practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leaders
 
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through EntitiesHow to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
 
Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...
 
Pulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor ChangePulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor Change
 
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve..."How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
 
Getting Value From Gainsight
Getting Value From GainsightGetting Value From Gainsight
Getting Value From Gainsight
 
The keys to scaling your customer success program
The keys to scaling your customer success programThe keys to scaling your customer success program
The keys to scaling your customer success program
 
Usage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer SuccessUsage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer Success
 

More from Schellman & Company

Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceSchellman & Company
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataSchellman & Company
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Schellman & Company
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingSchellman & Company
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationSchellman & Company
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSchellman & Company
 
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Schellman & Company
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesSchellman & Company
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP ComplianceSchellman & Company
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Schellman & Company
 

More from Schellman & Company (15)

Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
Demystifying the Cyber NISTs
Demystifying the Cyber NISTsDemystifying the Cyber NISTs
Demystifying the Cyber NISTs
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS Compliance
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration Testing
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & Attestation
 
Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 Certified
 
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
 
12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR
 
EPCS Overview
EPCS OverviewEPCS Overview
EPCS Overview
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key Updates
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?
 

Recently uploaded

business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxShruti Mittal
 
WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfJamesConcepcion7
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdfChris Skinner
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdfMintel Group
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfDanny Diep To
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersPeter Horsten
 
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold JewelryEffective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold JewelryWhittensFineJewelry1
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...Hector Del Castillo, CPM, CPMM
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerAggregage
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckHajeJanKamps
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSendBig4
 

Recently uploaded (20)

business environment micro environment macro environment.pptx
business environment micro environment macro environment.pptxbusiness environment micro environment macro environment.pptx
business environment micro environment macro environment.pptx
 
WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdf
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdftrending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
trending-flavors-and-ingredients-in-salty-snacks-us-2024_Redacted-V2.pdf
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
EUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exportersEUDR Info Meeting Ethiopian coffee exporters
EUDR Info Meeting Ethiopian coffee exporters
 
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold JewelryEffective Strategies for Maximizing Your Profit When Selling Gold Jewelry
Effective Strategies for Maximizing Your Profit When Selling Gold Jewelry
 
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
How Generative AI Is Transforming Your Business | Byond Growth Insights | Apr...
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon Harmer
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptxThe Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
The Bizz Quiz-E-Summit-E-Cell-IITPatna.pptx
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
Send Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.comSend Files | Sendbig.com
Send Files | Sendbig.comSend Files | Sendbig.com
 

SOC 1 Overview

  • 1. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 2. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Background & Overview 01 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 3. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved OVERVIEW • SSAE 16 • SOC 1 • AT Section 801 • ISAE 3402
  • 4. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE AUDITORS ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 5. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE PROVIDERS
  • 6. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER ENTITIES
  • 7. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER AUDITORS
  • 8. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 9. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Overview of the AICPA Framework 02 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 10. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved AICPA SOC FRAMEWORK Applicable SOC-1 SOC-2 SOC-3 Standard/Guidance SSAE 16: AICPA Guide (2013) AT 101: AICPA Guide (2013) AT 101: Technical Practice Aid (2014) Scope ICFR Security/Systems, Privacy Security/Systems, Privacy Criteria Control Objectives Trust Services Principles/GAPP Trust Services Principles/GAPP Usage of report User auditor, user entity, management of SO Knowledgeable parties Anyone
  • 11. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Purpose & Scope 03 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 12. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved WHY DO YOU NEED AN SOC REPORT? Regulatory requirements User entity mandates Outsourcing relationships Internal control analysis Independent 3rd party opinion Competition and market
  • 13. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Focused on financial reporting risks
  • 14. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SPECIFIED BY THE SERVICE ORGANIZATION • Operational/Application • General IT controls
  • 15. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Boundaries 04 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 16. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved If there is internal control over financial reporting relevance, there is SOC 1 examination!
  • 17. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • What SOC 1 does cover? • What SOC 1 does cover?
  • 18. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • Limited for specific users • Limited purpose
  • 19. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Anatomy 05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 20. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Service Auditor’s Report – “The Opinion” Management’s Assertion Description of the System Tests of Controls and Corresponding Results Additional Information – Provided by Service Organization REPORT STRUCTURE
  • 21. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Unqualified vs. Qualified SERVICE AUDITOR’S REPORT
  • 22. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Commitment - suitability and accuracy • SOX Section 302 certification • Subservice organizations MANAGEMENT’S ASSERTION
  • 23. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Objective description of the services SYSTEM DESCRIPTION
  • 24. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Management’s objective description of the services provided to user entities. SYSTEM DESCRIPTION
  • 25. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Test procedures • Results • Deviations / Exceptions TEST OF CONTROLS / RESULTS
  • 26. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Information not related to ICFR ADDITIONAL INFORMATION
  • 27. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Common Challenges and Benefits05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 28. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Impact on financial reporting • Legal / regulatory compliance • Impact on production /quality RELEVANCE TO CUSTOMERS’ ICFR
  • 29. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • No financial reporting impact • Misuse of the report
  • 30. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • Accurate use of report • User auditor expectations
  • 31. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Contracts, RFP, SLA • AICPA website • Training and awareness • Executive communication • Discussion with service auditor EDUCATION & PREPAREDNESS
  • 32. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Insufficient timing • Silos / groups
  • 33. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Demonstrates management’s responsibility and accountability • Promotes successful examination efforts
  • 34. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Document client needs • Client discussions • Decide on report type
  • 35. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Choosing the correct report • Trying to meet multiple compliance efforts as a single deliverable
  • 36. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Meet ICFR regulatory or contractual mandates • Bolster trust and confidence • One exam meets multiple customer requests • Promote a stronger control environment
  • 37. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Carve-out method emphasis • Subservice organization • Inclusive method requirements
  • 38. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Obtaining cooperation / documentation for subservice organization(s)
  • 39. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Focused and tailored report
  • 40. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Type 1 • Type 2 REPORT TYPE
  • 41. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient coverage • Implementation of controls REPORT TYPE
  • 42. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Both attestation reports • Timeliness of report • Report coverage and content REPORT TYPE
  • 43. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Perform a risk assessment RISK ASSESSMENT & SCOPE
  • 44. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Accurate scope • Control identification RISK ASSESSMENT & SCOPE
  • 45. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Pre-planning process • Better understanding of environment • Early identification of issues RISK ASSESSMENT & SCOPE
  • 46. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Direct assistance • Use work of others INTERNAL AUDIT ASSISTANCE
  • 47. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Learning curve • Difference in testing strategies INTERNAL AUDIT ASSISTANCE
  • 48. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Professional fees and time • Understanding of environment • Evidence gathering and management INTERNAL AUDIT ASSISTANCE
  • 49. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Internally • Service auditors READINESS ASSESSMENT
  • 50. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Inaccurate description of process • Lack of resources READINESS ASSESSMENT
  • 51. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Increase success in the audit • Earlier remediation efforts • Better preparation • Documentation of the narrative READINESS ASSESSMENT
  • 52. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Policies/Procedures • Segregation of duties • Monitoring REMEDIATION
  • 53. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient planning • Resource constraints • Timely remediation REMEDIATION
  • 54. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Meet ICFR regulatory or contractual mandates • Bolster confidence • Promote a stronger control environment REMEDIATION
  • 55. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Licensed CPA firm • Independent • Single Vendor Approach • Audit Team AUDIT FIRM SELECTION
  • 56. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Lack of mature methodology • Remote only testing • Use of offshore resources AUDIT FIRM SELECTION
  • 57. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Acceptable auditor to auditor communication • Value-added controls assessment process AUDIT FIRM SELECTION
  • 58. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • SOC Overview • Examination Scoping • RFP Template • Sample Report Download SOC 1 PrepKit