SSAE18, SOC 1, SOC 2 – What Do I Need? Webinar
Our industry currently relies heavily on the new SSAE18 Audit Report and the Service Organization Control (SOC)2 reports provided by vendors. What are the differences between these two reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the “same extent” as our own?
Webinar Description and Intended Audience
Each of our regulators say this in a similar way, we must understand the security controls of a third party “to the same extent” as we understand our own internal controls. This is challenging, as some of our vendors share few details about controls. Our industry currently relies heavily on the new SSAE18 Audit Report and the Service Organization Control (SOC)2 reports provided by vendors. What are the differences between these two reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the “same extent” as our own?
We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. Each of these reports serves a different purpose and will provide different value to your institution. In addition to what reports to ask for, we will explore them in detail to highlight what to look for and how to fill in the gaps to ensure your understanding security to the “same extent”.
- Third Party Management best practices
- Fourth Party Management assistance
- Updated Regulatory Expectations
- Existing Regulatory Review
- SSAE16 vs SSAE18 standard changes
- SOC1, SOC2, SOC3 Audits
- SOC Reports Type 1 and Type 2
- Other items useful in vendor reviews
- Detailed due diligence and contract questions
Who Should Attend?
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CFO, and Executives looking to understand the risk around Vendor Management.
Webinar Viewing Options
INCLUDES 7 DAYS OF UNLIMITED ONDEMAND PLAYBACK! With this option, you will participate in the webinar live, via the internet. You will login to the webinar on your PC to view the PowerPoint presentation, and you have the option of using your PC speakers or a telephone for the audio. You can type and send your questions to the instructor. Many companies are now running their PC through an LCD projector allowing many employees to participate at the same time. And don’t worry if you miss the webinar, you can still view it for up to seven days after it takes place!
SIX MONTH ONDEMAND VIDEO:
With this option, you will receive an e-mail that contains a link to the PowerPoint slides (to download, print, and copy) as well as a link to the media player where you will view and hear the entire webinar just as it was delivered, featuring the full-color PowerPoint presentation with audio. You can pause, fast-forward and rewind as needed, which makes it a very effective training tool. The OnDemand Video will be available to you (and anyone else in the company) for six months and can be accessed 24/7 as many times as you wish. Delivered via e-mail the day after the webinar takes place.
If you do not have internet access or want to make the webinar part of your training library, the CD-ROM Recording is a great option for viewing a webinar. You can pause, fast-forward and rewind as needed, which makes it an effective training tool. With this option, you will receive a download of any applicable handouts and a CD-ROM (featuring the full-color PowerPoint presentation with audio) via regular mail. Mailed 7 to 10 days after the webinar takes place.
Webinars can be scheduled and offered exclusively for your company. They can even be customized to best fit your needs. To find out more, please complete the in-house request form found in the Schedule and Registration Information section below.
Continuing Education (CE) Credits
This webinar is recommended for 2.5 CE Credit Hours. Each attendee will receive a Certificate of Attendance for self-reporting of CE Credits.