Loading...

SSAE18, SOC 1, SOC 2 - What Do I Need?

We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors.

OnDemand
Recorded Monday,
August 9th, 2021
Presented by Shane Daniel
2h total length
$279.00 or 1 Token

Includes: 30 Days OnDemand Playback, Presenter Materials and Handouts

  • Risk Management/Legal
  • Commercial Lender
  • Internal Auditor
  • IT Professional
  • Privacy Officer/Information Security Professional
  • Security Officer
  • Senior Management

Save on annual training costs with our Webinar Subscription Service and share webinars across your entire organization.

Become a subscriber

Learn about upcoming events, webinars and discounts.

Sign Up For Email Notifications

Each of our regulators say this in a similar way, we must understand the security controls of a third party “to the same extent” as we understand our own internal controls. This is challenging, as some of our vendors share few details about controls. Our industry currently relies heavily on the new SSAE18 Audit Report and the Service Organization Control (SOC)2 reports provided by vendors. What are the differences between these two reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the “same extent” as our own?

We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. Each of these reports serves a different purpose and will provide different value to your institution. In addition to what reports to ask for, we will explore them in detail to highlight what to look for and how to fill in the gaps to ensure your understanding security to the “same extent”.

What You'll Learn

  • Third Party Management best practices
  • Fourth Party Management assistance
  • Updated Regulatory Expectations
  • Existing Regulatory Review
  • SSAE16 vs SSAE18 standard changes
  • SOC1, SOC2, SOC3 Audits
  • SOC Reports Type 1 and Type 2
  • Other items useful in vendor reviews
  • Detailed due diligence and contract questions

Who Should Attend

Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CFO, and Executives looking to understand the risk around Vendor Management.

Shane Daniel

Instructor Bio

Shane Daniel is a Vice President/Senior Information Security Consultant for SBS CyberSecurity, a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry. Shane maintains his CISA, CPA, CIA, CGEIT, and CRISC certifications. He has 27 years of experience in Network Security, IT Auditing, Consulting, and ISP development.

Print this page