All regulators say, in a similar fashion, that we must understand the security controls of a third party to the same extent as we understand our own internal controls. Most industries rely heavily on SSAE18 audit reports and the Service Organization Control's (SOC) 2 reports provided by vendors. What are the differences between these different reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the same extent as our own?
We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. In addition to what report(s) to ask for, we will explore different SOC report types in detail to highlight what to look for and why.
Who Should Attend
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CFO, and Executives looking to understand the risk around Vendor Management.