Vendor Management: Using SOC Reports to Oversee Third-Party Information Security and Cybersecurity Risks

Duration: 90 Minutes
Financial institutions need to comply with the FFIEC's guidance on due diligence and managing third-party relationships. A significant compliance concern today is whether the third party (a service organization) can protect the institution's sensitive data through proper information security and cybersecurity control programs.
Instructor: Gary Deutsch
Product ID: 503682
CPAs provide system and organization control (SOC) reporting for service organizations, including SOC 1® engagements for internal controls over financial reports and SOC 2® engagements for information security. Since SOC 2® engagements are directed towards information security, the AICPA identified a need to also develop professional standards for CPAs related to growing cybersecurity risks.

Objectives of the Presentation
In this informative webinar, we will cover:
  • Interpreting SOC 2® engagements and reports
  • Understanding SSAE 18 professional standards related to SOC 2® engagements including Concepts Common to All Attestation Engagements (AT-C section 105) and Examination Engagements (AT-C section 205)
  • Understanding AICPA's updated Trust Services Criteria for SOC 2
  • How Trust Services Criteria align with COSO's 2013 framework
  • How to identify cybersecurity risks using CPA SOC cybersecurity reports
Why Should You Attend
The objective of the AICPA's cybersecurity reporting framework is to assist service organizations with communicating useful information regarding their cybersecurity risk-management programs to stakeholders and CPAs. In turn, CPAs can examine and report on the service organization's cybersecurity risk management program so that financial institution management and regulators can rely on a service organization's ability to maintain adequate security over financial institution sensitive data. This also includes compliance with the GLBA safeguards rule.

Together, SOC 2® engagements for information security and SOC cybersecurity risk assessments represent a needed evolution of AICPA professional standards to deal with the security risks that financial institutions face when contracting with service organizations.

Please join Gary Deutsch, CPA MBA, as he discusses how CPA-prepared SOC 2® reports and reports on a service organization's cybersecurity risk management program can be used to help management meet their regulatory requirements related to third-party relationships.

Who Will Benefit
  • Internal auditors
  • Financial institution counsel
  • Compliance officers
  • IT officers, risk managers
  • Vendor managers
  • Finance officers
  • Chief operations officers
  • Chief information officers
  • Persons responsible for electronic security
$300
Recorded Session for one participant
Get lifetime access with download option!
  $450.00 Training CD
Free shipment within 4 working days of placing the order. Get lifetime access for unlimited participants.
  $550.00 Training USB Flash Drive
Free shipment within 4 working days of placing the order. Get lifetime access for unlimited participants.
For multiple locations, please contact our customer care team at +1-510-857-5896.
How it works
Live Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password: https://www.onlinecompliancepanel.com/login
  • The webinar joining link, username and password for joining the webinar will be updated on your OCP Account 24 hours prior to the webinar
  • Presentation handouts in Downloadable PDF format will be updated on your OCP Account 24 hours prior to the live session
  • Log in to the audio conference on the scheduled date and time
  • Get answers to your queries through interactive Q&A sessions via chat at the end of the session
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 24 hours after the completion of the session
  • Please let us know your thoughts and views at the end of the webinar; your valuable feedback will help us improve
Recorded Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password: https://www.onlinecompliancepanel.com/login
  • Upon purchase of the recorded session, a link will be updated on your OCP Account within 24 hours
  • Please click on the link to access the Recorded Session
  • Presentation handouts in downloadable PDF format will be updated on your OCP Account within 24 hours of the purchase of the product
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 48 hours after the purchase of the product
  • Please share your valuable feedback at the end of the session
Instructor Profile:
Mr. Deutsch is a licensed CPA in Maryland and has a B.A. in accounting and an MBA in finance from Loyola University Maryland. He has also achieved the Certified Management Accountant, Certified Internal Auditor and Certified Bank Auditor designations. Mr. Deutsch is the founder and president of BRT Publications LLC.

Mr. Deutsch has trained thousands of financial institution professionals in all aspects of risk management and has written numerous books in the U.S. and Europe on topics such as credit risk, internal audit and compliance with Generally Accepted Accounting Principles.

Mr. Deutsch has extensive risk management and internal audit experience through his association with financial institutions of all sizes as well as through his role leading the KPMG financial institution consulting practice in the Mid-Atlantic region.