SOC 2 isn't the only SOC out there! 🧦

In this episode Cera Adams breaks down these SOC reports and what to expect in a SOC audit!

Here are a few highlights from this episode:

• Why CPAs are involved
• What SOC 1 / SOC 2 / SOC 3 reports mean to providers and consumers
• Difference between SOC 2 Type 1 and Type 2 reports
• How SOC scoping and audits work
• SOC consulting/audit independence requirements

Cera is the Director of IT Assurance Services and leads OCD Tech's SOC 2 and IT Audit Practices. She has more than 20 years of experience in information security!

I've spent most of my career working in the NIST cybersecurity space, so this was very interesting to me!

I thought that the SOC 3 report was interesting, especially since many other frameworks don't have an equivalent.

What were your takeaways? What is your best SOC pun? Let me know in the comments!

Follow Cera on LinkedIn: https://www.linkedin.com/in/ceraadams/

OCD Tech Website: https://ocd-tech.com/

-----------

Thanks to our sponsor Vanta!

Want to save time filling out security questionnaires?

Experience questionnaire automation here: https://vanta.com/grcacademy

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e39&utm_campaign=courses

#soc2 #cybersecurity #informationsecurity