SlideShare a Scribd company logo

SOC 1 Overview

Schellman & Company
Schellman & Company

To compete in today's marketplace, your customers must have trust and confidence in your environment. The popularity of the SOC 1 report has been amplified with an increase in outsourcing relationships and customer mandates for a stronger control environment. * Review of the background and history * Definition of the AICPA Framework * Overview of the purpose and scope * Discussion of boundaries and benefits * Requirements of the examination process * Outline the anatomy of the report

Business
1 of 58
Download to read offline
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Background & Overview 01 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved OVERVIEW • SSAE 16 • SOC 1 • AT Section 801 • ISAE 3402
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE AUDITORS ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE PROVIDERS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER ENTITIES
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER AUDITORS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Overview of the AICPA Framework 02 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved AICPA SOC FRAMEWORK Applicable SOC-1 SOC-2 SOC-3 Standard/Guidance SSAE 16: AICPA Guide (2013) AT 101: AICPA Guide (2013) AT 101: Technical Practice Aid (2014) Scope ICFR Security/Systems, Privacy Security/Systems, Privacy Criteria Control Objectives Trust Services Principles/GAPP Trust Services Principles/GAPP Usage of report User auditor, user entity, management of SO Knowledgeable parties Anyone
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Purpose & Scope 03 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved WHY DO YOU NEED AN SOC REPORT? Regulatory requirements User entity mandates Outsourcing relationships Internal control analysis Independent 3rd party opinion Competition and market
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Focused on financial reporting risks
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SPECIFIED BY THE SERVICE ORGANIZATION • Operational/Application • General IT controls
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Boundaries 04 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved If there is internal control over financial reporting relevance, there is SOC 1 examination!
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • What SOC 1 does cover? • What SOC 1 does cover?
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • Limited for specific users • Limited purpose
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Anatomy 05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Service Auditor’s Report – “The Opinion” Management’s Assertion Description of the System Tests of Controls and Corresponding Results Additional Information – Provided by Service Organization REPORT STRUCTURE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Unqualified vs. Qualified SERVICE AUDITOR’S REPORT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Commitment - suitability and accuracy • SOX Section 302 certification • Subservice organizations MANAGEMENT’S ASSERTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Objective description of the services SYSTEM DESCRIPTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Management’s objective description of the services provided to user entities. SYSTEM DESCRIPTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Test procedures • Results • Deviations / Exceptions TEST OF CONTROLS / RESULTS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Information not related to ICFR ADDITIONAL INFORMATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Common Challenges and Benefits05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Impact on financial reporting • Legal / regulatory compliance • Impact on production /quality RELEVANCE TO CUSTOMERS’ ICFR
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • No financial reporting impact • Misuse of the report
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • Accurate use of report • User auditor expectations
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Contracts, RFP, SLA • AICPA website • Training and awareness • Executive communication • Discussion with service auditor EDUCATION & PREPAREDNESS
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Insufficient timing • Silos / groups
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Demonstrates management’s responsibility and accountability • Promotes successful examination efforts
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Document client needs • Client discussions • Decide on report type
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Choosing the correct report • Trying to meet multiple compliance efforts as a single deliverable
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Meet ICFR regulatory or contractual mandates • Bolster trust and confidence • One exam meets multiple customer requests • Promote a stronger control environment
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Carve-out method emphasis • Subservice organization • Inclusive method requirements
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Obtaining cooperation / documentation for subservice organization(s)
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Focused and tailored report
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Type 1 • Type 2 REPORT TYPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient coverage • Implementation of controls REPORT TYPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Both attestation reports • Timeliness of report • Report coverage and content REPORT TYPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Perform a risk assessment RISK ASSESSMENT & SCOPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Accurate scope • Control identification RISK ASSESSMENT & SCOPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Pre-planning process • Better understanding of environment • Early identification of issues RISK ASSESSMENT & SCOPE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Direct assistance • Use work of others INTERNAL AUDIT ASSISTANCE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Learning curve • Difference in testing strategies INTERNAL AUDIT ASSISTANCE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Professional fees and time • Understanding of environment • Evidence gathering and management INTERNAL AUDIT ASSISTANCE
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Internally • Service auditors READINESS ASSESSMENT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Inaccurate description of process • Lack of resources READINESS ASSESSMENT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Increase success in the audit • Earlier remediation efforts • Better preparation • Documentation of the narrative READINESS ASSESSMENT
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Policies/Procedures • Segregation of duties • Monitoring REMEDIATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient planning • Resource constraints • Timely remediation REMEDIATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Meet ICFR regulatory or contractual mandates • Bolster confidence • Promote a stronger control environment REMEDIATION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Licensed CPA firm • Independent • Single Vendor Approach • Audit Team AUDIT FIRM SELECTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Lack of mature methodology • Remote only testing • Use of offshore resources AUDIT FIRM SELECTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Acceptable auditor to auditor communication • Value-added controls assessment process AUDIT FIRM SELECTION
©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • SOC Overview • Examination Scoping • RFP Template • Sample Report Download SOC 1 PrepKit

Recommended

Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Schellman & Company
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and YouSchellman & Company
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information SecurityJohnHPazEMCPMPITIL5G
 
SSAE 16 Transitions Overview
SSAE 16 Transitions OverviewSSAE 16 Transitions Overview
SSAE 16 Transitions OverviewJeffrey Paulette
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 

Recommended

Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Everything You Need To Know About SOC 1
Everything You Need To Know About SOC 1Schellman & Company
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
SOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSOC 2: Build Trust and Confidence
SOC 2: Build Trust and ConfidenceSchellman & Company
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and YouSchellman & Company
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information SecurityJohnHPazEMCPMPITIL5G
 
SSAE 16 Transitions Overview
SSAE 16 Transitions OverviewSSAE 16 Transitions Overview
SSAE 16 Transitions OverviewJeffrey Paulette
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Maganathin Veeraragaloo
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0Mark S. Mahre
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 IntroductionAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 ismsCraig Willetts ISO Expert
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
Cobit
CobitCobit
Cobitifourkhushbooshah
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationSchellman & Company
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR ProgramSchellman & Company
 

More Related Content

What's hot

ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Maganathin Veeraragaloo
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...PECB
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0Mark S. Mahre
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesPECB
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security BenchmarkRahul Khengare
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 

What's hot (20)

ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)Cybersecurity Capability Maturity Model (C2M2)
Cybersecurity Capability Maturity Model (C2M2)
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologies
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0SOC-2 Compliance Status Report sample v10.0
SOC-2 Compliance Status Report sample v10.0
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
Cobit
CobitCobit
Cobit
 
CIS Security Benchmark
CIS Security BenchmarkCIS Security Benchmark
CIS Security Benchmark
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 

Similar to SOC 1 Overview

Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationSchellman & Company
 
Innovation TVA Presentation Deck
Innovation TVA Presentation DeckInnovation TVA Presentation Deck
Innovation TVA Presentation DeckJoe Scherrer
 
Facilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside ContractorsFacilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside ContractorsServiceChannel
 
The Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise SolutionsThe Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise SolutionsGainsight
 
2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)CCR-interactive
 
Closing the Loop on Survey Programs
Closing the Loop on Survey ProgramsClosing the Loop on Survey Programs
Closing the Loop on Survey ProgramsGainsight
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightPaul Slakey
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightGainsight
 
Working Cross-Functionally at Gainsight
Working Cross-Functionally at GainsightWorking Cross-Functionally at Gainsight
Working Cross-Functionally at GainsightGainsight
 
Salesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From AonSalesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From AonRightpoint
 
Issues Management In The Digital Age
Issues Management In The Digital AgeIssues Management In The Digital Age
Issues Management In The Digital AgeCharlie Pownall
 
Best practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leadersBest practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leadersGainsight
 
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through EntitiesHow to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through EntitiesLibby Bierman
 
Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...Gainsight
 
Pulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor ChangePulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor ChangeMatt Hensler
 
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve..."How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...Tealium
 
Getting Value From Gainsight
Getting Value From GainsightGetting Value From Gainsight
Getting Value From GainsightGainsight
 
The keys to scaling your customer success program
The keys to scaling your customer success programThe keys to scaling your customer success program
The keys to scaling your customer success programGainsight
 
Usage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer SuccessUsage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer SuccessAnjanette Hill Mendoza
 

Similar to SOC 1 Overview (20)

Hitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST CertificationHitrust: Navigating to 2017, Your Map to HITRUST Certification
Hitrust: Navigating to 2017, Your Map to HITRUST Certification
 
CSA STAR Program
CSA STAR ProgramCSA STAR Program
CSA STAR Program
 
Innovation TVA Presentation Deck
Innovation TVA Presentation DeckInnovation TVA Presentation Deck
Innovation TVA Presentation Deck
 
Facilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside ContractorsFacilities Management - Extending Service Automation to Outside Contractors
Facilities Management - Extending Service Automation to Outside Contractors
 
The Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise SolutionsThe Customer Success Nuances of On Premise Solutions
The Customer Success Nuances of On Premise Solutions
 
2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)2 dean lightwood debt sale (4 3)
2 dean lightwood debt sale (4 3)
 
Closing the Loop on Survey Programs
Closing the Loop on Survey ProgramsClosing the Loop on Survey Programs
Closing the Loop on Survey Programs
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses Gainsight
 
How Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses GainsightHow Gainsight's CEO Uses Gainsight
How Gainsight's CEO Uses Gainsight
 
Working Cross-Functionally at Gainsight
Working Cross-Functionally at GainsightWorking Cross-Functionally at Gainsight
Working Cross-Functionally at Gainsight
 
Salesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From AonSalesforce.com Relaunch Featuring Customer Success Story From Aon
Salesforce.com Relaunch Featuring Customer Success Story From Aon
 
Issues Management In The Digital Age
Issues Management In The Digital AgeIssues Management In The Digital Age
Issues Management In The Digital Age
 
Best practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leadersBest practices in CSM compensation with customer success leaders
Best practices in CSM compensation with customer success leaders
 
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through EntitiesHow to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
How to Use Tax Returns for Global Cash Flow with Multiple Pass-Through Entities
 
Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...Customer Success Webinar Series: How to Align your Company Around an Onboardi...
Customer Success Webinar Series: How to Align your Company Around an Onboardi...
 
Pulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor ChangePulse 2016: Managing Sponsor Change
Pulse 2016: Managing Sponsor Change
 
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve..."How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
"How to Re-Energize Your Digital Analytics Program" - Hyatt + WAD, Digital Ve...
 
Getting Value From Gainsight
Getting Value From GainsightGetting Value From Gainsight
Getting Value From Gainsight
 
The keys to scaling your customer success program
The keys to scaling your customer success programThe keys to scaling your customer success program
The keys to scaling your customer success program
 
Usage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer SuccessUsage Data or Not, Customer Success is still Customer Success
Usage Data or Not, Customer Success is still Customer Success
 

More from Schellman & Company

Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceSchellman & Company
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataSchellman & Company
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Schellman & Company
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingSchellman & Company
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationSchellman & Company
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSchellman & Company
 
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Schellman & Company
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesSchellman & Company
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP ComplianceSchellman & Company
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Schellman & Company
 

More from Schellman & Company (15)

Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
Demystifying the Cyber NISTs
Demystifying the Cyber NISTsDemystifying the Cyber NISTs
Demystifying the Cyber NISTs
 
Determining Scope for PCI DSS Compliance
Determining Scope for PCI DSS ComplianceDetermining Scope for PCI DSS Compliance
Determining Scope for PCI DSS Compliance
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
Work With Federal Agencies? Here's What You Should Know About FedRAMP Assessm...
 
PA-DSS and Application Penetration Testing
PA-DSS and Application Penetration TestingPA-DSS and Application Penetration Testing
PA-DSS and Application Penetration Testing
 
The CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & AttestationThe CSA STAR Program: Certification & Attestation
The CSA STAR Program: Certification & Attestation
 
Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017Get Ready Now for HITRUST 2017
Get Ready Now for HITRUST 2017
 
STAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 CertifiedSTAND OUT: Why You Should Become ISO 27001 Certified
STAND OUT: Why You Should Become ISO 27001 Certified
 
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018
 
12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR12 Steps to Preparing for a QAR
12 Steps to Preparing for a QAR
 
EPCS Overview
EPCS OverviewEPCS Overview
EPCS Overview
 
PCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key UpdatesPCI DSS 3.0 Overview and Key Updates
PCI DSS 3.0 Overview and Key Updates
 
10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance10 Steps Toward FedRAMP Compliance
10 Steps Toward FedRAMP Compliance
 
Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?Your've Been Hacked in Florida! Now What?
Your've Been Hacked in Florida! Now What?
 

Recently uploaded

Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Falcon Invoice Discounting
 
Cracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareCracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareWorkforce Group
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentationuneakwhite
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateCannaBusinessPlans
 
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...meghakumariji156
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecZurliaSoop
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizharallensay1
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165meghakumariji156
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperityhemanthkumar470700
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Timegargpaaro
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsShree Krishna Exports
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...NadhimTaha
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAITim Wilson
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Adnet Communications
 

Recently uploaded (20)

Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
Cracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' SlideshareCracking the 'Career Pathing' Slideshare
Cracking the 'Career Pathing' Slideshare
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck Template
 
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al MizharAl Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
Al Mizhar Dubai Escorts +971561403006 Escorts Service In Al Mizhar
 
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
!~+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUD...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna Exports
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
joint cost.pptx COST ACCOUNTING Sixteenth Edition ...
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024HomeRoots Pitch Deck | Investor Insights | April 2024
HomeRoots Pitch Deck | Investor Insights | April 2024
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 

SOC 1 Overview

  • 1. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 2. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Background & Overview 01 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 3. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved OVERVIEW • SSAE 16 • SOC 1 • AT Section 801 • ISAE 3402
  • 4. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE AUDITORS ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 5. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SERVICE PROVIDERS
  • 6. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER ENTITIES
  • 7. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved USER AUDITORS
  • 8. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 9. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Overview of the AICPA Framework 02 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 10. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved AICPA SOC FRAMEWORK Applicable SOC-1 SOC-2 SOC-3 Standard/Guidance SSAE 16: AICPA Guide (2013) AT 101: AICPA Guide (2013) AT 101: Technical Practice Aid (2014) Scope ICFR Security/Systems, Privacy Security/Systems, Privacy Criteria Control Objectives Trust Services Principles/GAPP Trust Services Principles/GAPP Usage of report User auditor, user entity, management of SO Knowledgeable parties Anyone
  • 11. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Purpose & Scope 03 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 12. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved WHY DO YOU NEED AN SOC REPORT? Regulatory requirements User entity mandates Outsourcing relationships Internal control analysis Independent 3rd party opinion Competition and market
  • 13. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Focused on financial reporting risks
  • 14. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved SPECIFIED BY THE SERVICE ORGANIZATION • Operational/Application • General IT controls
  • 15. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Boundaries 04 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 16. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved If there is internal control over financial reporting relevance, there is SOC 1 examination!
  • 17. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • What SOC 1 does cover? • What SOC 1 does cover?
  • 18. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved BOUNDARIES • Limited for specific users • Limited purpose
  • 19. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved The Anatomy 05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 20. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Service Auditor’s Report – “The Opinion” Management’s Assertion Description of the System Tests of Controls and Corresponding Results Additional Information – Provided by Service Organization REPORT STRUCTURE
  • 21. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Unqualified vs. Qualified SERVICE AUDITOR’S REPORT
  • 22. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Commitment - suitability and accuracy • SOX Section 302 certification • Subservice organizations MANAGEMENT’S ASSERTION
  • 23. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Objective description of the services SYSTEM DESCRIPTION
  • 24. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Management’s objective description of the services provided to user entities. SYSTEM DESCRIPTION
  • 25. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Test procedures • Results • Deviations / Exceptions TEST OF CONTROLS / RESULTS
  • 26. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Information not related to ICFR ADDITIONAL INFORMATION
  • 27. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Common Challenges and Benefits05 ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved
  • 28. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Impact on financial reporting • Legal / regulatory compliance • Impact on production /quality RELEVANCE TO CUSTOMERS’ ICFR
  • 29. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • No financial reporting impact • Misuse of the report
  • 30. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved RELEVANCE TO CUSTOMERS’ ICFR • Accurate use of report • User auditor expectations
  • 31. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Contracts, RFP, SLA • AICPA website • Training and awareness • Executive communication • Discussion with service auditor EDUCATION & PREPAREDNESS
  • 32. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Insufficient timing • Silos / groups
  • 33. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved EDUCATION & PREPAREDNESS • Demonstrates management’s responsibility and accountability • Promotes successful examination efforts
  • 34. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Document client needs • Client discussions • Decide on report type
  • 35. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Choosing the correct report • Trying to meet multiple compliance efforts as a single deliverable
  • 36. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CUSTOMER REQUIREMENTS • Meet ICFR regulatory or contractual mandates • Bolster trust and confidence • One exam meets multiple customer requests • Promote a stronger control environment
  • 37. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Carve-out method emphasis • Subservice organization • Inclusive method requirements
  • 38. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Obtaining cooperation / documentation for subservice organization(s)
  • 39. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved CARVE-OUT VS INCLUSIVE • Focused and tailored report
  • 40. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Type 1 • Type 2 REPORT TYPE
  • 41. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient coverage • Implementation of controls REPORT TYPE
  • 42. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Both attestation reports • Timeliness of report • Report coverage and content REPORT TYPE
  • 43. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved Perform a risk assessment RISK ASSESSMENT & SCOPE
  • 44. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Accurate scope • Control identification RISK ASSESSMENT & SCOPE
  • 45. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Pre-planning process • Better understanding of environment • Early identification of issues RISK ASSESSMENT & SCOPE
  • 46. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Direct assistance • Use work of others INTERNAL AUDIT ASSISTANCE
  • 47. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Learning curve • Difference in testing strategies INTERNAL AUDIT ASSISTANCE
  • 48. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Professional fees and time • Understanding of environment • Evidence gathering and management INTERNAL AUDIT ASSISTANCE
  • 49. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Internally • Service auditors READINESS ASSESSMENT
  • 50. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Inaccurate description of process • Lack of resources READINESS ASSESSMENT
  • 51. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Increase success in the audit • Earlier remediation efforts • Better preparation • Documentation of the narrative READINESS ASSESSMENT
  • 52. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Policies/Procedures • Segregation of duties • Monitoring REMEDIATION
  • 53. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Insufficient planning • Resource constraints • Timely remediation REMEDIATION
  • 54. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Meet ICFR regulatory or contractual mandates • Bolster confidence • Promote a stronger control environment REMEDIATION
  • 55. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Licensed CPA firm • Independent • Single Vendor Approach • Audit Team AUDIT FIRM SELECTION
  • 56. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Lack of mature methodology • Remote only testing • Use of offshore resources AUDIT FIRM SELECTION
  • 57. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • Acceptable auditor to auditor communication • Value-added controls assessment process AUDIT FIRM SELECTION
  • 58. ©2015 BrightLine CPAs & Associates, Inc. All Rights Reserved • SOC Overview • Examination Scoping • RFP Template • Sample Report Download SOC 1 PrepKit