Instructor for this course

Third Party Service Provider Reports, also known as SSAE 18 SOC Reports, are required to be reviewed as part of Attestation Engagements, however they can also provide value when utilizing third party service providers or when considering cloud storage environments. Organizations can gleam great value by applying the appropriate level of due diligence during the procurement process. During this course we discuss the role of the Procurement Department, critical components of the SSAE SOC report and the importance of ensuring security, confidentiality, and availability.

We walk through review processes to ensure Corresponding End User Control Considerations are in place, analysis to be performed to ensure SSAE18 reports include adequate control coverage, appropriate test procedures and appropriate conclusions. Lastly, we explore Procurement’s role in today’s cloud computing environment. We discuss valuable uses for the SSAE report and security questionnaires, beyond checking the requirement box.

Course Key Concepts: Procurement, Security Questionnaires, SSAE 18, SOC, SOC 1, SOC 2, SOC 3, Third Party Service Provider, IT General Controls, Service Provider Reports, Cloud Security.

Learning Objectives

  • Recognize initial questions to consider when auditing 3rd Party Service provides and/or cloud environments.
  • Discover and discuss the role of Procurement.
  • Identify critical questionnaire components.
  • Identify and understand the SSAE18 SOC Report.
Last updated/reviewed: May 8, 2022

Included In Certifications

This course is included in the following Certification Programs:

10 CoursesInformation Technology Auditor Certification

  1. Understanding Information Technology Governance and the Application of NIST
  2. Performing a Security Risk Assessment
  3. Auditing Data Security IT Computer Controls
  4. Auditing Third Party Service Providers and Cloud Environments
  5. Auditing Automated Business and Financial Transaction Processes
  6. Auditing Logical Security and Logical Access Controls
  7. Auditing Change Management
  8. Auditing the Network
  9. The Importance of Incident Response, Disaster Recovery and Business Continuity Planning
  10. Information Technology Audit Summary

7 Reviews (19 ratings)Reviews

Member's Profile
Very comprehensive and imfo content The instructor explained all topics in the course in easy and friendly manner I highly recommend this course to everyone who seeks cybersecurity course or to fulfill isaca cpe for isca certifications. Many thanks to illumeo All your courses are excellent and comprehensive in all fields.
Anonymous Author
The material presented was useful and will definitely benefit me and my team. We are responsible for our own Co. SOC testing and reporting as well as review the SOC reports of our third parties.
Anonymous Author
This course provided good guidance on questions to consider for auditing 3rd parties and on the critical components of the SSAE 18 SOC Report.
Member's Profile
Great course for better understanding the SOC reports and how they apply to our organization. Hit the need perfectly - thanks Wendi!
Anonymous Author
This was a great course that was presented well. I would recommend it to others.
Anonymous Author
Great presenter with a lot of good details and helpful examples.
Anonymous Author
Very detailed information. Instructor was pleasant.


Course Complexity: Foundational

No advanced preparation or prerequisites are required for this course.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
  3:00Introduction to Auditing Third Party Service Providers and Cloud Environments
  6:56Initial Questions to Consider
  10:48The Role of Procurement
  11:10The Security Questionnaire
  7:28Type of Report
  16:04Critical Components of The SSAE 18 SOC Report
  6:14Review Test Procedures
  3:26The Review Template
  1:05:06Auditing Third Party Service Providers and Cloud Environments
  PDFSlides: Auditing Third Party Service Providers and Cloud Environments
  PDFAuditing Third Party Service Providers and Cloud Environments Glossary/ Index