Questions we will answer: 

We will walk through how important marketplace trends like the explosion of data creation, cybercrime, and reliance on third party service providers has led to the rise in popularity of SOC 2.

In this video we will answer the questions:

1. Why does SOC 2 exist? 

2. Why is it becoming so common for companies to ask each other for SOC 2 reports?

In this lecture we cover how the SOC 2 standard is governed, who is authorized to issue a SOC 2 report, and why you this matters to you. We will talk about the relationship between five key players: 

1. The AICPA who governs the SOC 2 standard

2. CPA Firms that perform the SOC 2 audits

3. The AICPA CPA Peer Review Program

4. Your company that wants a SOC 2 audit

5. Your customers and stakeholders that want to read your SOC 2 report

Questions We Will Answer: 

In this lecture we will cover the two key components that drive the scope of your SOC 2 report: 

1. Which of the 5 Trust Services Criteria you select, and

2. The "System" (Products, Technology, Locations, Processes, etc.) you define as your scope.

In this lecture we will cover the 4-step process to obtain a SOC 2 report: 

1. SOC 2 Gap Assessment

2. Correcting identified Issues

3. SOC 2 Type I Report

4. SOC 2 Type II Report

In this lecture we will cover: 

1. What people are typically involved in a SOC 2 audit,

2. The typical efforts (by role) to expect during the audit, and

3. The drivers of audit fees for a SOC 2 audit.

One of the biggest factors that will impact your SOC 2 audit experience is the firm you select as your partner in the SOC 2 process. In this course, we will cover some lessons learned in choosing a great partner to help you through the SOC 2 journey: 

1. SOC 2 Auditor vs. SOC 2 Consultant,

2. How to choose a great audit firm, and

3. Questions to ask and setting ground rules with your audit firm partner.

Going through an audit can be scary. This lecture will give you the insight you need to go into an audit with confidence that you know exactly what to expect from the auditor.

1. What to expect from the auditor

2. How the auditor performs an audit

3. How you should interact with the auditor

4. A couple of examples of how the auditor will review your Company

You will need to provide the SOC 2 auditor hundreds of pieces of evidence during a SOC 2 audit. After this lecture you will have an insider's perspective on what to expect during your SOC 2 audit.

In this lecture we are going to:

1. Review some of the types of evidence you can expect to provide the auditor,

2. Review the workflow to provide evidence between your team and the auditor, and

3. Demo a real world example of an audit information request list.

It's time for the real audit. Are you ready? In this lecture we will talk through how you can go into your SOC 2 audit with confidence: 

1. How to prepare your team

2. Spot checking controls and evidence

3. Setting clear ground rules with your auditor

In this lecture we cover 10 of the most frequently asked questions about SOC 2 reports like: 

1. What if I am in the cloud? 

2. What if my whole company is remote? 

3. What is the difference between SOC 2 and ISO 27001? 

4. Does the auditor have to come on site? 

5. What if my scope changes during the year? 

6. What if I need to map to other frameworks like ISO 27001, PCI DSS, or HIPAA? 

7. What if I need to be compliance with privacy frameworks like GDPR? 

8. What if I outsource development or other key functions? 

9. What are the most common mistakes? 

10. Do you have policy templates? 

In this lecture we will point you to free resources and templates you can use to get started on your SOC 2 journey.

1. All of the material referenced in this course

2. SOC 2 recurring events

3. SOC 2 Control Spot-Check checklist

4. Free Videos

5. Free Downloads and Templates

Check the downloadable materials in the description of this lecture!