Content Provider
Align logo
Middlebanner capstan12042024
Handout Materials
Presentation Slides
Additional Materials
Webinar Technical FAQs
Free cpe webinars
What Is a SOC 1 and SOC 2 Attestation Report: Introduction and Best Practices

WHAT IS A SOC 1 AND SOC 2 ATTESTATION REPORT: INTRODUCTION AND BEST PRACTICES

Cost Free
Presentation Length 1.0 hour

Recorded DateNovember 3, 2023
CPE:Not available
(archived webinars do not offer CPE credits)
Subject AreaAuditing
Course LevelBasic
Course Description

Organizations that provide services to other entities need a way to manage the risks associated with providing those services. The original standard for reducing that risk was known as a SAS 70 Attestation which was performed by a CPA and resulted in a report used to demonstrate the effectiveness of internal controls over financial reporting. Organizations began to use this report as evidence that a vendor was secure and safe to work with. When the SSAE 16 report was introduced, it was renamed Systems and Organization Controls 1 (SOC 1) and continued to address financial criteria. SOC 2 was created at the same time to specifically address security, privacy, availability, integrity, and confidentiality; or in other words, everything else that doesn't affect financial reporting.

If your organization hosts financial information or has a system or process that impacts the financial statements of a client, then SOC 1 is for you. If you are a third-party provider with a system used by other organizations, a SOC 2 Attestation could be requested from you -- and it's not uncommon for organizations to need both SOC 1 and 2 Attestation reports. Investors, auditors, business partners, vendors, clients, and prospects are example parties that typically rely on the SOC 1 and or SOC 2 Attestation reports. Software vendors, payroll providers, collection companies, data centers, cloud providers, managed service providers, CPA firms, HR firms, law firms, and consulting firms, are examples of organizations that may need to perform a SOC 1 and or SOC 2 Attestation.

In this webinar, attendees will learn about how to prepare for a SOC 1 and SOC 2 assessment and how to use these reports.

Learning Objectives:


  • Differentiate a SOC 1 and SOC 2 assessment

  • Identify which organizations need to prepare which reports for their work with outside organizations

  • Evaluate the features of a SOC 1 and SOC 2 attestation report and how each are used

Not logged
PLEASE NOTE: ARCHIVED WEBINARS DO NOT QUALIFY FOR CPE
Linkedin

Blaise Wabo

A-LIGN
Healthcare and Financial Services Knowledge Leader
[email protected]
(888) 702-5446

Align logo

Blaise is the Healthcare and Financial Services Knowledge Leader at A-LIGN and has over 12 years of experience in Security Compliance and Risk Management. He joined A-LIGN in 2013 and started the HITRUST/HIPAA and Healthcare Services practice in 2015. Having a very unique background as a CPA, CISA and CCSK, Blaise has performed over 500 SOC attestation reviews and over 300 HITRUST/HIPAA assessments for Global 1000 and Fortune 500 clients in various industries. Blaise is also a sought-after speaker and has delivered several speaking engagements at well-renowned conferences such as HIMSS, HITRUST, and ISACA. Blaise has also written dozens of blogs and whitepapers on the topics of Security Compliance, Telemedicine, Blockchain technology, and Third-Party Risk Management. Prior to joining A-LIGN, Blaise was a Senior Consultant at Century Payments, Inc., and an Advisory Associate at KPMG.

About Our Presenter

Align logo
A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks. A-LIGN was founded in 2009 to help companies navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization’s unique goals and objectives.