Understand the differences between the various AICPA SOC reports (SOC 1, 2, 3, and Cyber). Learn the contents of the reports and how to understand them from various points of view. Learn about various control objectives for SOC 1 and the criteria for SOC 2 and SOC Cyber and how many companies meet them. Understand the impacts of cloud providers both at the service and subservice organization levels.
Course ID: SDCA
AICPA SOC Deep Dive and Cybersecurity for CPA Firms
Learning Objectives
• Understand the differences in the various SOC reports and their use.
• Know what to look for in a SOC report from a user entity or user auditor point of view.
• Have a better understanding of the criteria for SOC reports and how service organizations typically meet them.
Major Topics
• SOC 1 and objectives
• SOC 2 and criteria
• SOC 3
• SOC Cyber and criteria
• Different sections of a SOC report
• SOC report users/roles
• Key elements to look for in a report
• Bridge letters
• Other frameworks (HIPAA, HITRUST, CSA CCM, NIST, ISO, etc.)
Advanced Preparations
None
Who Should Attend
Security managers, service organization personnel, CPA auditors of service organizations, and user auditors who have to rely on other SOC reports
Fields of Study
Information Technology
Prerequisites
None