Organizations that provide services to other entities need a way to manage the risks associated with providing those services. The original standard for reducing that risk was known as a SAS 70 Attestation, which was performed by a CPA and resulted in a report used to demonstrate the effectiveness of internal controls over financial reporting. Organizations began to use this report as evidence that a vendor was secure and safe to work with. When the SSAE 16 report was introduced, it was renamed Systems and Organization Controls 1 (SOC 1) and continued to address financial criteria. SOC 2 was created at the same time to specifically address security, privacy, availability, integrity, and confidentiality, or in other words, everything else that doesn't affect financial reporting.
If your organization hosts financial information or has a system or process that impacts the financial statements of a client, then SOC 1 is for you. If you are a third-party provider with a system used by other organizations, a SOC 2 Attestation could be requested from you, and it's not uncommon for organizations to need both SOC 1 and SOC 2 Attestation reports. Investors, auditors, business partners, vendors, clients, and prospects are examples of parties that typically rely on SOC 1 and/or SOC 2 Attestation reports. Software vendors, payroll providers, collection companies, data centers, cloud providers, managed service providers, CPA firms, HR firms, law firms, and consulting firms are examples of organizations that may need to perform a SOC 1 and/or SOC 2 Attestation.
In this webinar, attendees will learn how to prepare for a SOC 1 and SOC 2 assessment and how to use these reports.
Learning Objectives:
A-LIGN
Healthcare and Financial Services Knowledge Leader
(888) 702-5446
Blaise is the Healthcare and Financial Services Knowledge Leader at A-LIGN and has over 12 years of experience in Security Compliance and Risk Management. He joined A-LIGN in 2013 and started the HITRUST/HIPAA and Healthcare Services practice in 2015. Having a very unique background as a CPA, CISA and CCSK, Blaise has performed over 500 SOC attestation reviews and over 300 HITRUST/HIPAA assessments for Global 1000 and Fortune 500 clients in various industries. Blaise is also a sought-after speaker and has delivered several speaking engagements at well-renowned conferences such as HIMSS, HITRUST, and ISACA. Blaise has also written dozens of blogs and whitepapers on the topics of Security Compliance, Telemedicine, Blockchain technology, and Third-Party Risk Management. Prior to joining A-LIGN, Blaise was a Senior Consultant at Century Payments, Inc., and an Advisory Associate at KPMG.