SSAE18, SOC 1, SOC 2 - What Do I Need?

We will explore the different types of Service Organization Control (SOC) reports provided by vendors and highlight the best items that should be requested from vendors. In addition to what report(s) to ask for, we will explore different SOC report types in detail, to highlight what to look for and why.

OnDemand
Recorded Wednesday, September 13th, 2023
Presented by Shane Daniel
1h 30m total length
$279.00 or 1 Token

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

  • General Compliance
  • Information Technology/Security
  • Risk Management/Legal
  • Technology/Security
  • Compliance Officer
  • Internal Auditor
  • IT Professional
  • Privacy Officer/Information Security Professional
  • Risk Manager
  • Senior Management

All regulators say, in similar terms, that we must understand the security controls of a third party to the same extent as we understand our own internal controls. Most industries rely heavily on SSAE18 audit reports and the Service Organization Control (SOC) 2 reports provided by vendors. What are the differences between these reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the same extent as our own?

What You'll Learn

  • Vendor Management Regulatory Expectations
  • Third Party (Vendor) Management best practices
  • Fourth Party/Supply Chain Management
  • Required Documentation, including the different SOC Report types
  • Other items useful in vendor reviews
  • Detailed Due Diligence and Contract Review questions

Who Should Attend

Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CFO, and Executives looking to understand the risk around Vendor Management.


Shane Daniel

Instructor Bio

Shane Daniel is a Senior Information Security Consultant for SBS CyberSecurity, where he works to help organizations identify and understand cybersecurity risks to allow them to make better and more informed business decisions.

As a former community bank internal auditor and compliance officer, Shane has over 27 years of experience helping financial institutions manage risk and profitability. He is driven to be an expert in his field by maintaining a variety of premier industry certifications, including Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), and Certified Internal Auditor (CIA). Shane specializes in risk management, information technology audit, Bank Secrecy Act independent testing, compliance management, information security, and internal audit outsourcing.