SOC 2(R) Report Walkthrough

Overview

This course will walk you through a SOC 2 report, giving you enhanced knowledge of essential information for preparing or reviewing SOC 2 reports.

Get comfortable with SOC 2 reports. Avoid potential pitfalls.

For service auditors and user entities new to SOC 2 reporting, not understanding the report contents can result in reporting deficiencies or inappropriate identification of key information.

How will this course benefit you?

This CPE self-study course presents the contents of each section of a SOC 2 report, highlighting key items of interest.As a user or user auditor, you will be better able to identify pertinent information that affects your organization or audit work. And as a service provider or service auditor, you will be better able to recognize what users are looking for and meet the requirements of SSAE No. 18.

Why take this course?

Take this course as an introduction to SOC 2 reporting, to strengthen your foundational knowledge as you perform SOC 2 examinations as a service auditor or as you review SOC 2 reports as a user entity or user auditor.

Highlights

Key Topics

• Sections within a SOC 2 report
• CUEC considerations
• Inclusive versus carve-out methods of reporting on controls at subservice organizations
• Report opinion types
• SOC 3 reporting
• Bridge letters

Prerequisites

None

Designed For

Who Will Benefit

• Service auditors with 0-2 years of experience
• Service organization management
• Users (user entities and user entity auditors)
• Security managers involved in vendor management

Objectives

Learning Outcomes

• Recognize the sections within a SOC 2 report and responsibility for each, including complementary subservice organization controls (CSOCs).
• Identify key elements when reviewing a SOC 2 report, including complementary user entity controls (CUECs) and report opinion types
• Recall considerations related to exceptions, bridge letters, and SOC 3r reports.