Third Party Service Provider Reports, also known as SSAE 18 SOC Reports, are required to be reviewed as part of Attestation Engagements, however they can also provide value when utilizing third party service providers or when considering cloud storage environments. Organizations can gleam great value by applying the appropriate level of due diligence during the procurement process. During this course we discuss the role of the Procurement Department, critical components of the SSAE SOC report and the importance of ensuring security, confidentiality, and availability.
We walk through review processes to ensure Corresponding End User Control Considerations are in place, analysis to be performed to ensure SSAE18 reports include adequate control coverage, appropriate test procedures and appropriate conclusions. Lastly, we explore Procurement’s role in today’s cloud computing environment. We discuss valuable uses for the SSAE report and security questionnaires, beyond checking the requirement box.
Course Key Concepts: Procurement, Security Questionnaires, SSAE 18, SOC, SOC 1, SOC 2, SOC 3, Third Party Service Provider, IT General Controls, Service Provider Reports, Cloud Security.
Learning Objectives
- Recognize initial questions to consider when auditing 3rd Party Service provides and/or cloud environments.
- Discover and discuss the role of Procurement.
- Identify critical questionnaire components.
- Identify and understand the SSAE18 SOC Report.
Included In Certifications
This course is included in the following Certification Programs:
10 CoursesInformation Technology Auditor Certification
- Understanding Information Technology Governance and the Application of NIST
- Performing a Security Risk Assessment
- Auditing Data Security IT Computer Controls
- Auditing Third Party Service Providers and Cloud Environments
- Auditing Automated Business and Financial Transaction Processes
- Auditing Logical Security and Logical Access Controls
- Auditing Change Management
- Auditing the Network
- The Importance of Incident Response, Disaster Recovery and Business Continuity Planning
- Information Technology Audit Summary
16 Reviews (72 ratings)
Prerequisites
No advanced preparation or prerequisites are required for this course.