©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
Background
& Overview
01
OVERVIEW
• SSAE 16
• SOC 1
• AT Section 801
• ISAE 3402
SERVICE
AUDITORS
SERVICE
PROVIDERS
USER
ENTITIES
USER
AUDITORS
Overview of the
AICPA Framework
02
AICPA SOC FRAMEWORK

| | SOC-1 | SOC-2 | SOC-3 |
|---|---|---|---|
| Applicable Standard/Guidance | SSAE 16: AICPA Guide (2013) | AT 101: AICPA Guide (2013) | AT 101: Technical Practice Aid (2014) |
| Scope | ICFR | Security/Systems, Privacy | Security/Systems, Privacy |
| Criteria | Control Objectives | Trust Services Principles/GAPP | Trust Services Principles/GAPP |
| Usage of report | User auditor, user entity, management of SO | Knowledgeable parties | Anyone |
Purpose
& Scope
03
WHY DO YOU NEED AN
SOC REPORT?
Regulatory requirements
User entity mandates
Outsourcing relationships
Internal control analysis
Independent 3rd party opinion
Competition and market
Focused on financial
reporting risks
SPECIFIED BY THE SERVICE
ORGANIZATION
• Operational/Application
• General IT controls
The
Boundaries
04
If there is relevance to internal control over
financial reporting, there is a
SOC 1 examination!
BOUNDARIES
• What SOC 1 does cover?
• What SOC 1 does cover?
BOUNDARIES
• Limited for specific users
• Limited purpose
The
Anatomy
05
Service Auditor’s Report – “The Opinion”
Management’s Assertion
Description of the System
Tests of Controls and Corresponding Results
Additional Information – Provided by Service Organization
REPORT STRUCTURE
Unqualified vs. Qualified
SERVICE AUDITOR’S REPORT
• Commitment - suitability and accuracy
• SOX Section 302 certification
• Subservice organizations
MANAGEMENT’S ASSERTION
Objective description of the services
SYSTEM DESCRIPTION
Management’s objective description of the
services provided to user entities.
SYSTEM DESCRIPTION
• Test procedures
• Results
• Deviations / Exceptions
TEST OF CONTROLS / RESULTS
Information not related to ICFR
ADDITIONAL INFORMATION
Common
Challenges and
Benefits
05
• Impact on financial reporting
• Legal / regulatory compliance
• Impact on production / quality
RELEVANCE TO
CUSTOMERS’ ICFR
RELEVANCE TO
CUSTOMERS’ ICFR
• No financial reporting impact
• Misuse of the report
RELEVANCE TO
CUSTOMERS’ ICFR
• Accurate use of report
• User auditor expectations
• Contracts, RFP, SLA
• AICPA website
• Training and awareness
• Executive communication
• Discussion with service auditor
EDUCATION & PREPAREDNESS
EDUCATION & PREPAREDNESS
• Insufficient timing
• Silos / groups
EDUCATION & PREPAREDNESS
• Demonstrates management’s
responsibility and accountability
• Promotes successful examination
efforts
CUSTOMER REQUIREMENTS
• Document client needs
• Client discussions
• Decide on report type
CUSTOMER REQUIREMENTS
• Choosing the correct report
• Trying to meet multiple compliance
efforts as a single deliverable
CUSTOMER REQUIREMENTS
• Meet ICFR regulatory or contractual
mandates
• Bolster trust and confidence
• One exam meets multiple customer requests
• Promote a stronger control environment
CARVE-OUT VS INCLUSIVE
• Carve-out method emphasis
• Subservice organization
• Inclusive method requirements
CARVE-OUT VS INCLUSIVE
• Obtaining cooperation / documentation
for subservice organization(s)
CARVE-OUT VS INCLUSIVE
• Focused and tailored report
• Type 1
• Type 2
REPORT TYPE
• Insufficient coverage
• Implementation of controls
REPORT TYPE
• Both attestation reports
• Timeliness of report
• Report coverage and content
REPORT TYPE
Perform a risk assessment
RISK ASSESSMENT & SCOPE
• Accurate scope
• Control identification
RISK ASSESSMENT & SCOPE
• Pre-planning process
• Better understanding of environment
• Early identification of issues
RISK ASSESSMENT & SCOPE
• Direct assistance
• Use work of others
INTERNAL AUDIT ASSISTANCE
• Learning curve
• Difference in testing strategies
INTERNAL AUDIT ASSISTANCE
• Professional fees and time
• Understanding of environment
• Evidence gathering and management
INTERNAL AUDIT ASSISTANCE
• Internally
• Service auditors
READINESS ASSESSMENT
• Inaccurate description of process
• Lack of resources
READINESS ASSESSMENT
• Increase success in the audit
• Earlier remediation efforts
• Better preparation
• Documentation of the narrative
READINESS ASSESSMENT
• Policies/Procedures
• Segregation of duties
• Monitoring
REMEDIATION
• Insufficient planning
• Resource constraints
• Timely remediation
REMEDIATION
• Meet ICFR regulatory or contractual mandates
• Bolster confidence
• Promote a stronger control environment
REMEDIATION
• Licensed CPA firm
• Independent
• Single Vendor Approach
• Audit Team
AUDIT FIRM SELECTION
• Lack of mature methodology
• Remote only testing
• Use of offshore resources
AUDIT FIRM SELECTION
• Acceptable auditor to auditor
communication
• Value-added controls assessment
process
AUDIT FIRM SELECTION
• SOC Overview
• Examination Scoping
• RFP Template
• Sample Report
Download SOC 1 PrepKit

 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 

Recently uploaded (20)

Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 

SOC 1 Overview

  • 1. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 2. Background & Overview 01
  • 3. OVERVIEW • SSAE 16 • SOC 1 • AT Section 801 • ISAE 3402
  • 4. SERVICE AUDITORS
  • 5. SERVICE PROVIDERS
  • 6. USER ENTITIES
  • 7. USER AUDITORS
  • 8. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 9. Overview of the AICPA Framework 02
  • 10. AICPA SOC FRAMEWORK
      Applicable | SOC-1 | SOC-2 | SOC-3
      Standard/Guidance | SSAE 16: AICPA Guide (2013) | AT 101: AICPA Guide (2013) | AT 101: Technical Practice Aid (2014)
      Scope | ICFR | Security/Systems, Privacy | Security/Systems, Privacy
      Criteria | Control Objectives | Trust Services Principles/GAPP | Trust Services Principles/GAPP
      Usage of report | User auditor, user entity, management of SO | Knowledgeable parties | Anyone
  • 11. Purpose & Scope 03
  • 12. WHY DO YOU NEED AN SOC REPORT? • Regulatory requirements • User entity mandates • Outsourcing relationships • Internal control analysis • Independent 3rd party opinion • Competition and market
  • 13. Focused on financial reporting risks
  • 14. SPECIFIED BY THE SERVICE ORGANIZATION • Operational/Application • General IT controls
  • 15. The Boundaries 04
  • 16. If there is internal control over financial reporting relevance, there is SOC 1 examination!
  • 17. BOUNDARIES • What SOC 1 does cover? • What SOC 1 does cover?
  • 18. BOUNDARIES • Limited for specific users • Limited purpose
  • 19. The Anatomy 05
  • 20. REPORT STRUCTURE • Service Auditor’s Report – “The Opinion” • Management’s Assertion • Description of the System • Tests of Controls and Corresponding Results • Additional Information – Provided by Service Organization
  • 21. SERVICE AUDITOR’S REPORT • Unqualified vs. Qualified
  • 22. MANAGEMENT’S ASSERTION • Commitment - suitability and accuracy • SOX Section 302 certification • Subservice organizations
  • 23. SYSTEM DESCRIPTION • Objective description of the services
  • 24. SYSTEM DESCRIPTION • Management’s objective description of the services provided to user entities.
  • 25. TEST OF CONTROLS / RESULTS • Test procedures • Results • Deviations / Exceptions
  • 26. ADDITIONAL INFORMATION • Information not related to ICFR
  • 27. Common Challenges and Benefits 05
  • 28. RELEVANCE TO CUSTOMERS’ ICFR • Impact on financial reporting • Legal / regulatory compliance • Impact on production / quality
  • 29. RELEVANCE TO CUSTOMERS’ ICFR • No financial reporting impact • Misuse of the report
  • 30. RELEVANCE TO CUSTOMERS’ ICFR • Accurate use of report • User auditor expectations
  • 31. EDUCATION & PREPAREDNESS • Contracts, RFP, SLA • AICPA website • Training and awareness • Executive communication • Discussion with service auditor
  • 32. EDUCATION & PREPAREDNESS • Insufficient timing • Silos / groups
  • 33. EDUCATION & PREPAREDNESS • Demonstrates management’s responsibility and accountability • Promotes successful examination efforts
  • 34. CUSTOMER REQUIREMENTS • Document client needs • Client discussions • Decide on report type
  • 35. CUSTOMER REQUIREMENTS • Choosing the correct report • Trying to meet multiple compliance efforts as a single deliverable
  • 36. CUSTOMER REQUIREMENTS • Meet ICFR regulatory or contractual mandates • Bolster trust and confidence • One exam meets multiple customer requests • Promote a stronger control environment
  • 37. CARVE-OUT VS INCLUSIVE • Carve-out method emphasis • Subservice organization • Inclusive method requirements
  • 38. CARVE-OUT VS INCLUSIVE • Obtaining cooperation / documentation for subservice organization(s)
  • 39. CARVE-OUT VS INCLUSIVE • Focused and tailored report
  • 40. REPORT TYPE • Type 1 • Type 2
  • 41. REPORT TYPE • Insufficient coverage • Implementation of controls
  • 42. REPORT TYPE • Both attestation reports • Timeliness of report • Report coverage and content
  • 43. RISK ASSESSMENT & SCOPE • Perform a risk assessment
  • 44. RISK ASSESSMENT & SCOPE • Accurate scope • Control identification
  • 45. RISK ASSESSMENT & SCOPE • Pre-planning process • Better understanding of environment • Early identification of issues
  • 46. INTERNAL AUDIT ASSISTANCE • Direct assistance • Use work of others
  • 47. INTERNAL AUDIT ASSISTANCE • Learning curve • Difference in testing strategies
  • 48. INTERNAL AUDIT ASSISTANCE • Professional fees and time • Understanding of environment • Evidence gathering and management
  • 49. READINESS ASSESSMENT • Internally • Service auditors
  • 50. READINESS ASSESSMENT • Inaccurate description of process • Lack of resources
  • 51. READINESS ASSESSMENT • Increase success in the audit • Earlier remediation efforts • Better preparation • Documentation of the narrative
  • 52. REMEDIATION • Policies/Procedures • Segregation of duties • Monitoring
  • 53. REMEDIATION • Insufficient planning • Resource constraints • Timely remediation
  • 54. REMEDIATION • Meet ICFR regulatory or contractual mandates • Bolster confidence • Promote a stronger control environment
  • 55. AUDIT FIRM SELECTION • Licensed CPA firm • Independent • Single Vendor Approach • Audit Team
  • 56. AUDIT FIRM SELECTION • Lack of mature methodology • Remote only testing • Use of offshore resources
  • 57. AUDIT FIRM SELECTION • Acceptable auditor to auditor communication • Value-added controls assessment process
  • 58. Download SOC 1 PrepKit • SOC Overview • Examination Scoping • RFP Template • Sample Report