SOC stands for “System and Organization Controls” and is the agreed-upon control procedure set by the American Institute of Certified Public Accountants (AICPA).
The course is designed to pass on extensive knowledge of the security, risk management, and oversight controls at a service organization relevant to security, availability, processing integrity, confidentiality, and privacy.
These defined sets of controls are a series of standards or benchmarks designed to help measure how well a given service organization conducts and regulates its information. The training is focused on the "Do it yourself" ("DIY") concept. The SOC cybersecurity DIY training series is designed to educate learners in implementing SOC.
SOC for Service Organizations report is designed to help organizations that provide services to other entities build trust and confidence in the service performed and controls related to the services through a report by an independent auditor.
Each SOC for Service Organizations report is designed to help service organizations meet specific user needs. These reports can play an important role in the following:
- Oversight of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
The training will help organizations have in-house skills and end-to-end knowledge in deciding the type of certification, type of documentation, type of skills, and type of controls required to certify.
You will learn about SOC 1, SOC 2, SOC 3, SOC 2 +, SOC for Cyber Security, SOC for Supply Chain, and SOC 2 + Additional Subject Matter Reports and the scope and use of these reports. The study contains case studies for SOC for Cyber Security and SOC for the supply chain. You will learn about mapping Trust Service Criteria to other standards and frameworks.