How to Decode Third-Party SOC 2 Reports Recording
Join this webinar to learn how to analyze the effectiveness of a vendor's security controls consistently with the rest of your third-party estate.
PLEASE NOTE. Certificates of Completion for CPE credit are not available for viewing of archived webinars. For GRCP holders, viewing of archived webinars will be automatically tracked and recorded in your Certification Dashboard on your Profile on the OCEG site and will count toward GRCP CPE requirements only.
Instead of completing a full standards-based risk assessment, some vendors simply submit their most recent SOC 2 report. However, for organizations that lack the expertise and resources, interpreting these SOC 2 reports can be complex and time-consuming – not to mention inconsistent with how other vendors are assessed.
How do you simplify the process of analyzing SOC 2 reports and get what you need to visualize important vendor risks?
Join us as we discuss how to analyze the effectiveness of a vendor's security controls consistently with the rest of your third-party estate.
Learning Objectives:
- Deconstruct a typical SOC 2 report, including the five Trust Services Principles
- Explain how to map SOC 2 report control exceptions into risks in a common vendor risk and security framework
- Describe best practices to remediate a vendor's SOC 2 control deficiencies
Speaker:
Thomas Humphreys, Compliance Expert & Content Manager, Prevalent
Featured in: Third Party Management
