Course ID: SDCA

AICPA SOC Deep Dive and Cybersecurity for CPA Firms

Understand the differences between the various AICPA SOC reports (SOC 1, 2, 3, and Cyber). Learn the contents of the reports and how to understand them from various points of view. Learn about various control objectives for SOC 1 and the criteria for SOC 2 and SOC Cyber and how many companies meet them. Understand the impacts of cloud providers both at the service and subservice organization levels.

Learning Objectives

• Understand the differences in the various SOC reports and their use.
• Know what to look for in a SOC report from a user entity or user auditor point of view.
• Have a better understanding of the criteria for SOC reports and how service organizations typically meet them.

Major Topics

• SOC 1 and objectives
• SOC 2 and criteria
• SOC 3
• SOC Cyber and criteria
• Different sections of a SOC report
• SOC report users/roles
• Key elements to look for in a report
• Bridge letters
• Other frameworks (HIPAA, HITRUST, CSA CCM, NIST, ISO, etc.)

Advanced Preparations


Who Should Attend

Security managers, Service organization personnel, CPA auditors of service organizations, User auditors who have to rely on other SOC reports

Fields of Study
Information Technology



Business Learning Institute

CPE Credits


This course is available for your group as:


Let's Roll!

To learn more or customize this course for your group, complete this form and a BLI team member will get back with you shortly.

Or, contact BLI: 888-481-3500 or
Your browser is out-of-date!

Update your browser to view this website correctly.

Update my browser now