Menu Close Menu

Menu

Account

How to Decode Third-Party SOC 2 Reports Slide Deck

Download Slide Deck Watch Recording

View original event info

Join this webinar to learn how to analyze the effectiveness of a vendor's security controls consistently with the rest of your third-party estate.

Instead of completing a full standards-based risk assessment, some vendors simply submit their most recent SOC 2 report. However, for organizations that lack the expertise and resources, interpreting these SOC 2 reports can be complex and time-consuming – not to mention inconsistent with how other vendors are assessed.

How do you simplify the process of analyzing SOC 2 reports and get what you need to visualize important vendor risks?

Join us as we discuss how to analyze the effectiveness of a vendor's security controls consistently with the rest of your third-party estate.


Learning Objectives:

  • Deconstruct a typical SOC 2 report, including the five Trust Services Principles
  • Explain how to map SOC 2 report control exceptions into risks in a common vendor risk and security framework
  • Describe best practices to remediate a vendor's SOC 2 control deficiencies


Speaker:

Thomas Humphreys, Compliance Expert & Content Manager, Prevalent


Featured in: Controls , Third Party Management

Related Resources
Back to top
OCEG © 2002 - 2024 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

Information & Billing
+1 (602) 234-9278

Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.

Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.