Online course offering
SOC 2 Compliance
© KloudLearn www.kloudlearn.com
Learning Objectives
Service Organizational Control (SOC)
Types of SOC 2 Reports
Test for Service Principles
The Five Trust Services Principles
Trust Principles Criteria Components
How does it Work?
What Does it Cost?
How Long Does it Take?
Service Organizational Control (SOC) 2
● Service Organizational Control (SOC) 2 reports are designed to ensure that a service provider who handles customer data transmits, stores, maintains, processes, and disposes of that data in a way that is strictly confidential.
● Introduced by the American Institute for CPAs (AICPA), SOC 2 compliance indicates to your customers that you will handle their data with the utmost care.
● In today’s data-heavy world, avoiding data breaches is crucial to your success as a business owner.
● If you are storing your clients’ data in the cloud, being SOC 2 certified provides an added level of trust with your clients.
Types of SOC 2 Reports
SOC 2 Type 1 examines the controls used to address one or all of the Trust Service Principles. This audit type can affirm that an organization’s controls are designed effectively.
SOC 2 Type 2 includes the same information, with the addition of testing a service organization’s controls over a period of time.
Pick the Right Report
● Picking the right report will help you show your clients that you are a reputable service provider.
● Being SOC 2 compliant requires that you meet the standard security criteria outlined by the AICPA, but the other four trust service principles are not mandatory.
Test for Service Principles
As a business owner, think of your customer’s needs and which service principles would best suit those needs.
SOC compliance checklists focus on five trust service principles that include:
● Security
● Availability
● Processing integrity
● Confidentiality
● Privacy
[Figure: AICPA five trust principles for managing customers’ information - diagram by Imperva]
The Five Trust Services Principles
TSP section 100 provides criteria for evaluating and reporting on controls related to security, availability,
processing integrity, confidentiality, and privacy. In TSP section 100, these five attributes of a system are known
as principles, and they are defined as follows:
Security. The system is protected against unauthorized access (both physical and logical).
Availability. The system is available for operation and use as committed or agreed.
Processing Integrity. System processing is complete, accurate, timely, and authorized.
Privacy. Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity's privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.
Confidentiality. Information designated as confidential is protected as committed or agreed.
Trust Principles Criteria Components
● The following four components are represented in the respective principles and criteria.
● Policies – The entity defines and documents its policies for the Trust Services Principle of its system.
● Communications – The entity communicates its defined Trust Services Principle policies to responsible parties and authorized users.
● Procedures – The entity has placed in operation procedures to achieve its documented Trust Services Principle objectives in accordance with its defined policies.
● Monitoring – The entity monitors the system and takes action to maintain compliance with its defined Trust Services Principle policies.
How does SOC 2 Work?
SOC 2 requires that management provide a written assertion and that such assertion be attached to management's description.
Suitable criteria are the standard or benchmark used to measure and present the subject matter.
Management will select the criteria used to measure and present the subject matter and will state those criteria in the assertion.
Below is a subset of the criteria for determining whether the description of the service organization’s system is fairly presented:
● Types of services provided
● Components of the system used to provide the services (infrastructure, software, people, procedures, data)
● Boundaries/aspects of system
● Information on subservice organizations
● Other aspects of the service organization’s control environment
● Any changes over the period represented.
What Does it Cost?
The cost of delivering SOC 2 reporting varies across organizations.
The following factors will impact the cost of SOC 2 reporting:
● The size and complexity of your organization (number of employees, multiple locations, etc.)
● The number of Principles selected. You can select one, several, or all of the Principles.
● The Type of report (Type 1: design only vs. Type 2: design and operating effectiveness)
● The period covered by your report (6-12 months)
● The number of controls. You can include all of your controls or narrow the scope to only high-level controls or certain business areas to reduce cost and impact.
Remember that this is an annual recurring report, so the upfront (first-year) cost is always higher. Expect costs to fall by 10-20% in subsequent years.
How Long Does it Take?
Type 1 Report
● Planning and Scoping: 2-4 weeks
● Design Assessment: 3-4 weeks
● Reporting: 2 weeks
● Total Time: 7-10 weeks
Type 2 Report
● Planning and Scoping: 2-4 weeks
● Design Assessment: 4-6 weeks (sometimes spread over 2 periods)
● Reporting: 4 weeks
● Total Time: 10-14 weeks
Summary
● SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the
interests of your organization and the privacy of its clients.
● For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS
provider.
● Service Organization
■ Provide a competitive advantage
■ The SO can avoid unexpected audits
■ Assist in building trust & confidence
● SOC 2/3 can incorporate other publicly available frameworks such as ISO 2700x, PCI, etc.
● User Organization
■ Provide an independent assessment
■ Assist with regulatory compliance
■ Reduce the possibility of additional audit costs
■ Increase audit efficiency
Test your knowledge!
Quiz

Who needs to be SOC 2 compliant?
● Software Vendors
● Cloud Providers
● Large Companies
● All the above

SOC 2 requires AICPA trust service criteria?
● True
● False

SOC 2 applies to the public cloud?
● True
● False

How to prepare for a SOC 2 audit?
● Implement all applicable administrative policies and internal controls
● Find a reputable AICPA-affiliated SOC 2 audit firm
● Both of them
● None of the above

Are AWS, Azure SOC 2 compliant?
● True
● False

How do I meet SOC 2 requirements in the cloud?
● Establish administrative policies and procedures
● Set security controls to meet policy standards
● Enforce and maintain security controls across your cloud
● All the above

How do I maintain SOC 2 compliance?
● Compliance monitoring systems
● Maintain security controls

What does SOC 2 certification cover?
● System monitoring
● Data breach alerts
● Audit procedures
● Forensics
● All the above

Which matters to certify to SOC 2 compliance?
● Your existing compliance posture
● The size and complexity of your organisation
● The cost and availability of a SOC 2 auditor
● All the above

What does a SOC 2 audit report contain?
● Management assertion
● A detailed description of the system or service
● Details of the selected trust services categories
● All the above
Thank You
KloudLearn, Inc. is headquartered in Silicon Valley, California. Our mission is to help enterprises provide an engaging and impactful learning experience that improves business performance. We provide the industry’s most modern LMS (Learning Management System). For more information visit us at www.kloudlearn.com or reach out to us at info@kloudlearn.com.

More Related Content

What's hot

Data Center Security
Data Center SecurityData Center Security
Data Center SecurityCisco Canada
 
Microsoft Defender for Endpoint Overview.pptx
Microsoft Defender for Endpoint Overview.pptxMicrosoft Defender for Endpoint Overview.pptx
Microsoft Defender for Endpoint Overview.pptxBenAissaTaher1
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationVISTA InfoSec
 
Realise True Business Value .pdf
Realise True Business Value .pdfRealise True Business Value .pdf
Realise True Business Value .pdfThousandEyes
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdfControlCase
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise Management Associates
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
Nexagate corporate profile 2021
Nexagate corporate profile 2021Nexagate corporate profile 2021
Nexagate corporate profile 2021Khairil Effendy
 
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist QuestionsISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questionshimalya sharma
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity ContextMiguel A. Amutio
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMSBusiness Beam
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Zscaler
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 

What's hot (20)

Data Center Security
Data Center SecurityData Center Security
Data Center Security
 
Microsoft Defender for Endpoint Overview.pptx
Microsoft Defender for Endpoint Overview.pptxMicrosoft Defender for Endpoint Overview.pptx
Microsoft Defender for Endpoint Overview.pptx
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organization
 
Implémenter et gérer un projet iso 27001
Implémenter et gérer un projet iso 27001Implémenter et gérer un projet iso 27001
Implémenter et gérer un projet iso 27001
 
Realise True Business Value .pdf
Realise True Business Value .pdfRealise True Business Value .pdf
Realise True Business Value .pdf
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
 
SOC 1 Overview
SOC 1 OverviewSOC 1 Overview
SOC 1 Overview
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
Supply management 1.1.pdf
Supply management 1.1.pdfSupply management 1.1.pdf
Supply management 1.1.pdf
 
Nexagate corporate profile 2021
Nexagate corporate profile 2021Nexagate corporate profile 2021
Nexagate corporate profile 2021
 
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist QuestionsISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
ISO 27001 Checklist - Internal Audit - Clause 9.2 - 59 checklist Questions
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity Context
 
Iso 27001
Iso 27001Iso 27001
Iso 27001
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?Adopting A Zero-Trust Model. Google Did It, Can You?
Adopting A Zero-Trust Model. Google Did It, Can You?
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 

Similar to Service Organizational Control (SOC 2) Compliance - Kloudlearn

Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2   reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2   reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014Accounting_Whitepapers
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information SecurityJohnHPazEMCPMPITIL5G
 
Cyber Security Certifications.pdf
Cyber Security Certifications.pdfCyber Security Certifications.pdf
Cyber Security Certifications.pdfroguelogics
 
About SOC 2 Compliance
 About SOC 2 Compliance About SOC 2 Compliance
About SOC 2 Complianceroguelogics
 
About SOC 2 Compliance
 About SOC 2 Compliance About SOC 2 Compliance
About SOC 2 Complianceroguelogics
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Account Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptxAccount Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptxGaneshMeenakshiSunda4
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdfroguelogics
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdfroguelogics
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David RossGraeme Wood
 
Ensuring SOC 2 Compliance A Comp Checklist.pdf
Ensuring SOC 2 Compliance A Comp Checklist.pdfEnsuring SOC 2 Compliance A Comp Checklist.pdf
Ensuring SOC 2 Compliance A Comp Checklist.pdfsocurely
 
BKMSH Basics of SOC II
BKMSH Basics of SOC IIBKMSH Basics of SOC II
BKMSH Basics of SOC IIMojoFinancial
 
Everything You Need to Learn About SOC 2 Compliance.pdf
Everything You Need to Learn About SOC 2 Compliance.pdfEverything You Need to Learn About SOC 2 Compliance.pdf
Everything You Need to Learn About SOC 2 Compliance.pdfnikhilahuja45612
 
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)SP Home Run Inc.
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityDreamforce
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...Ignyte Assurance Platform
 

Similar to Service Organizational Control (SOC 2) Compliance - Kloudlearn (20)

Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2   reporting 7-2014Gaining assurance over 3rd party soc 1 and soc 2   reporting 7-2014
Gaining assurance over 3rd party soc 1 and soc 2 reporting 7-2014
 
Control Standards for Information Security
Control Standards for Information SecurityControl Standards for Information Security
Control Standards for Information Security
 
Cyber Security Certifications.pdf
Cyber Security Certifications.pdfCyber Security Certifications.pdf
Cyber Security Certifications.pdf
 
About SOC 2 Compliance
 About SOC 2 Compliance About SOC 2 Compliance
About SOC 2 Compliance
 
About SOC 2 Compliance
 About SOC 2 Compliance About SOC 2 Compliance
About SOC 2 Compliance
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Account Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptxAccount Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptx
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdf
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdf
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Introduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David RossIntroduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David Ross
 
Compliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA FrameworkCompliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA Framework
 
Ensuring SOC 2 Compliance A Comp Checklist.pdf
Ensuring SOC 2 Compliance A Comp Checklist.pdfEnsuring SOC 2 Compliance A Comp Checklist.pdf
Ensuring SOC 2 Compliance A Comp Checklist.pdf
 
Review_2013
Review_2013Review_2013
Review_2013
 
BKMSH Basics of SOC II
BKMSH Basics of SOC IIBKMSH Basics of SOC II
BKMSH Basics of SOC II
 
Everything You Need to Learn About SOC 2 Compliance.pdf
Everything You Need to Learn About SOC 2 Compliance.pdfEverything You Need to Learn About SOC 2 Compliance.pdf
Everything You Need to Learn About SOC 2 Compliance.pdf
 
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
Are SSAE 16 Data Center Problems Impacting Customers? (SlideShare)
 
Event Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and SecurityEvent Monitoring: Use Powerful Insights to Improve Performance and Security
Event Monitoring: Use Powerful Insights to Improve Performance and Security
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
 

More from KloudLearn

What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
What is a Malware - Kloudlearn
What is a Malware - KloudlearnWhat is a Malware - Kloudlearn
What is a Malware - KloudlearnKloudLearn
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnKloudLearn
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnKloudLearn
 
Cyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnCyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnKloudLearn
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - KloudlearnKloudLearn
 
California Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - KloudlearnCalifornia Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - KloudlearnKloudLearn
 
KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform KloudLearn
 

More from KloudLearn (8)

What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - Kloudlearn
 
What is a Malware - Kloudlearn
What is a Malware - KloudlearnWhat is a Malware - Kloudlearn
What is a Malware - Kloudlearn
 
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - KloudlearnHealth Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
Health Insurance Portability and Accountability Act (HIPPA) - Kloudlearn
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
 
Cyber Crisis Management - Kloudlearn
Cyber Crisis Management - KloudlearnCyber Crisis Management - Kloudlearn
Cyber Crisis Management - Kloudlearn
 
Cloud Security - Kloudlearn
Cloud Security - KloudlearnCloud Security - Kloudlearn
Cloud Security - Kloudlearn
 
California Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - KloudlearnCalifornia Consumer Privacy Act (CCPA) - Kloudlearn
California Consumer Privacy Act (CCPA) - Kloudlearn
 
KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform KloudLearn LMS | E-learning Platform
KloudLearn LMS | E-learning Platform
 

Recently uploaded

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 

Recently uploaded (20)

(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE

Service Organizational Control (SOC 2) Compliance - Kloudlearn

1. Online course offering: SOC 2 Compliance
   © KloudLearn www.kloudlearn.com

2. Learning Objectives
   ● Service Organizational Control (SOC)
   ● Types of SOC 2 Reports
   ● Test for Service Principles
   ● The Five Trust Services Principles
   ● Trust Principles Criteria Components
   ● How does it Work?
   ● What Does it Cost?
   ● How Long Does it Take?

3. Service Organizational Control (SOC) 2
   ● Service Organizational Control (SOC) 2 reports are designed to ensure that if you are a service provider who handles customer data, it will be transmitted, stored, maintained, processed, and disposed of in a way that is strictly confidential.
   ● Introduced by the American Institute for CPAs (AICPA), SOC 2 compliance indicates to your customers that you will handle their data with the utmost care.
   ● In today’s data-heavy world, avoiding data breaches is crucial to your success as a business owner.
   ● If you are storing your clients’ data in the cloud, being SOC 2 certified provides an added level of trust with your clients.

4. Types of SOC 2 Reports
   SOC 2 Type 1 examines the controls used to address one or all of the Trust Service Principles. This audit type can affirm that an organization’s controls are designed effectively.
   SOC 2 Type 2 includes the same information, with the addition of testing a service organization’s controls over a period of time.
   ● Pick the Right Report
   ● Picking the right report will help you show your clients that you are a reputable service provider.
   ● Being SOC 2 compliant requires that you meet the standard security criteria outlined by the AICPA, but the other four trust service principles are not mandatory.

5. Test for Service Principles
   As a business owner, think of your customers’ needs and which service principles would best suit those needs. SOC compliance checklists focus on five trust service principles:
   ● Security
   ● Availability
   ● Processing integrity
   ● Confidentiality
   ● Privacy
   AICPA five trust principles for managing customers’ information - diagram by Imperva

6. The Five Trust Services Principles
   TSP section 100 provides criteria for evaluating and reporting on controls related to security, availability, processing integrity, confidentiality, and privacy. In TSP section 100, these five attributes of a system are known as principles, and they are defined as follows:
   ● Security. The system is protected against unauthorized access (both physical and logical).
   ● Availability. The system is available for operation and use as committed or agreed.
   ● Processing Integrity. System processing is complete, accurate, timely, and authorized.
   ● Privacy. Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity's privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.
   ● Confidentiality. Information designated as confidential is protected as committed or agreed.

7. Trust Principles Criteria Components
   The following four components are represented in the respective principles and criteria.
   ● Policies – The entity defines and documents its policies for the ‘Trust Services Principle’ of its system.
   ● Communications – The entity communicates its defined ‘Trust Services Principle’ policies to responsible parties and authorized users.
   ● Procedures – The entity has placed in operation procedures to achieve its documented ‘Trust Services Principle’ objectives in accordance with its defined policies.
   ● Monitoring – The entity monitors the system and takes action to maintain compliance with its defined ‘Trust Services Principle’ policies.

8. How does SOC 2 Work?
   SOC 2 requires that management provide a written assertion and that such assertion be attached to management's description. Suitable criteria are the standard or benchmark used to measure and present the subject matter. Management will select the criteria used to measure and present the subject matter and will state those criteria in the assertion. Below is a subset of the criteria for determining whether the description of the service organization’s system is fairly presented:
   ● Types of services provided
   ● Components of the system used to provide the services (infrastructure, software, people, procedures, data)
   ● Boundaries/aspects of the system
   ● Information on subservice organizations
   ● Other aspects of the service organization’s control environment
   ● Any changes over the period represented

9. What Does it Cost?
   The cost of delivering SOC 2 reporting varies across organizations. The following factors will impact the cost of reporting for SOC 2:
   ● The size and complexity of your organization (number of employees, multiple locations, etc.)
   ● The number of Principles selected. You can select one, several, or all of the Principles.
   ● The Type of report (Type 1: design only vs. Type 2: design and operating effectiveness)
   ● The period covered by your report (6-12 months)
   ● The number of controls. You can include all of your controls or minimize the scope to only high-level controls or certain business areas to reduce cost and impact.
   Remember this is an annual recurring report, so the upfront cost is always higher. Expect costs to lower by 10-20% in subsequent years.

10. How Long Does it Take?
   Type 1 Report
   ● Planning and Scoping: 2-4 weeks
   ● Design Assessment: 3-4 weeks
   ● Reporting: 2 weeks
   ● Total Time: 7-10 weeks
   Type 2 Report
   ● Planning and Scoping: 2-4 weeks
   ● Design Assessment: 4-6 weeks (sometimes spread over 2 periods)
   ● Reporting: 4 weeks
   ● Total Time: 10-14 weeks

11. Summary
   ● SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.
   ● For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
   ● Service Organization
     ■ Provide a competitive advantage
     ■ The SO can avoid unexpected audits
     ■ Assist in building trust & confidence
   ● SOC 2/3 can incorporate other publicly available frameworks such as ISO 2700x, PCI, etc.
   ● User Organization
     ■ Provide an independent assessment
     ■ Assist with regulatory compliance
     ■ Reduce the possibility of additional audit costs
     ■ Increase audit efficiency

13. Who needs to be SOC 2 compliant?
   ● Software Vendors
   ● Cloud Providers
   ● Large Companies
   ● All the above

14. SOC 2 requires AICPA trust service criteria?
   ● True
   ● False

15. SOC 2 applies to the public cloud?
   ● True
   ● False

16. How to prepare for a SOC 2 audit?
   ● Implement all applicable administrative policies and internal controls
   ● Find a reputable AICPA-affiliated SOC 2 audit firm
   ● Both of them
   ● None of the above

17. Are AWS, Azure SOC 2 compliant?
   ● True
   ● False

18. How do I meet SOC 2 requirements in the cloud?
   ● Establish administrative policies and procedures
   ● Set security controls to meet policy standards
   ● Enforce and maintain security controls across your cloud
   ● All the above

19. How do I maintain SOC 2 compliance?
   ● Compliance monitoring systems
   ● Maintain security controls

20. What does SOC 2 certification cover?
   ● System monitoring
   ● Data breach alerts
   ● Audit procedures
   ● Forensics
   ● All the above

21. Which matters to certify to SOC 2 compliance?
   ● Your existing compliance posture.
   ● The size and complexity of your organisation.
   ● The cost and availability of a SOC 2 auditor.
   ● All the above

22. What does a SOC 2 audit report contain?
   ● Management assertion
   ● A detailed description of the system or service
   ● Details of the selected trust services categories
   ● All the above

23. Thank You
   KloudLearn, Inc. is headquartered in Silicon Valley, California. Our mission is to help enterprises provide an engaging and impactful learning experience that improves business performance. We provide the industry’s most modern LMS (Learning Management System). For more information visit us at www.kloudlearn.com or reach out to us at info@kloudlearn.com.