About the Course
Audits of "SOC" (System and Organization Control) have been in effect since May 1, 2017 through the implementation of AICPA Statement on Standards for Attestation Engagements (SSAE) 18.
This standard replaced SSAE 16, just as SSAE 16 replaced SAS 70, and SAS 70 replaced SAS 44. This SOC audit standard requires the users of SOC audit reports to adjust their compliance programs to fit the SSAE 18 SOC standard. SSAE 18 is more comprehensive than the prior SOC standards.
Learn the best practices for preparing, conducting and assessing SSAE 18 SOC audit reports from our highly experienced instructor who performs these activities.
This program examines the details of the SOC audit process, from planning to performing to documenting to reporting.
This valuable online CPE event is designed to evaluate SSAE 18 SOC requirements from all three viewpoints:
The Service Organization,
The External Auditor,
The Report User.
The materials provide a detailed understanding of an effective program for creating and assessing a system of internal control within an outsourced IT service organization under SSAE 18. They also provide the Report User with insight for interpreting the report and documenting the report review given their user requirements.
We provide guidance for Service Organizations on typical SOC controls and procedures. The event covers guidance for external auditors to allow them to document SOC workpapers and audit reports.
This program will help your organization develop, assess and maintain an effective SSAE 18 SOC program within a Vendor Management Program to comply with the Sarbanes-Oxley Act (SOX) Section 404, similar regulations (HIPAA, GLBA, etc.) and best practices (COBIT, NIST 800, ITIL, etc.).
Our attendees will learn a top-down, risk-based approach to SSAE 18 SOC compliance. The presentation includes:
Assessing Organizational Objectives: SOC 1, SOC 2, SOC 3, and the SOC Types
Selecting SOC 1 Control Objectives and Controls
Selecting SOC 2 Trust Service Criteria (TSCs) and Controls
Creating a Service Organization Risk Assessment
Evaluating Client Requirements
Determining Regulatory Implications
Developing Service Delivery Proposals
Creating, Communicating, and Auditing Policies and Procedures
Managing Vendors and Subservice Organizations
Maintaining Physical Access Controls
Maintaining Logical Security Controls
Maintaining Change Controls
Maintaining Backup and Restoration Controls
Evaluating Control Deficiencies
Maintaining SSAE Standards Compliance
This timely CPE training seminar is designed for the new project leader and individuals who have to create effective project control documents in performing projects and then communicate the results to management.