Instructor for this course

Third Party Service Provider Reports, also known as SSAE 18 SOC Reports, are required to be reviewed as part of Attestation Engagements, however they can also provide value when utilizing third party service providers or when considering cloud storage environments. Organizations can gleam great value by applying the appropriate level of due diligence during the procurement process. During this course we discuss the role of the Procurement Department, critical components of the SSAE SOC report and the importance of ensuring security, confidentiality, and availability.

We walk through review processes to ensure Corresponding End User Control Considerations are in place, analysis to be performed to ensure SSAE18 reports include adequate control coverage, appropriate test procedures and appropriate conclusions. Lastly, we explore Procurement’s role in today’s cloud computing environment. We discuss valuable uses for the SSAE report and security questionnaires, beyond checking the requirement box.

Course Key Concepts: Procurement, Security Questionnaires, SSAE 18, SOC, SOC 1, SOC 2, SOC 3, Third Party Service Provider, IT General Controls, Service Provider Reports, Cloud Security.

Learning Objectives

  • Recognize initial questions to consider when auditing 3rd Party Service provides and/or cloud environments.
  • Discover and discuss the role of Procurement.
  • Identify critical questionnaire components.
  • Identify and understand the SSAE18 SOC Report.
Last updated/reviewed: September 08, 2021


Course Complexity: Foundational

No advanced preparation or prerequisites are required for this course.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
  3:00Introduction to Auditing 3rd party Service Providers and Cloud Environments
  6:56Initial Questions to Consider
  10:48The Role of Procurement
  11:10The Security Questionnaire
  7:28Type of Report
  16:04Critical Components of The SSAE 18 SOC Report
  6:14Review Test Procedures
  3:26The Review Template
  1:05:06Auditing 3rd party Service Providers and Cloud Environments
  PDFSlides: Auditing Third Party Service Providers and Cloud Environments
  PDFAuditing Third Party Service Providers and Cloud Environments Glossary/ Index