SOC 2 Academy

Preface

Meet Your Instructor- Kyle Morris

Meet Your Instructor- Wesley Van Zyl

1. Introduction to SOC 2

1.1 What is SOC 2 Compliance?

1.2 AICPA COSO Framework

1.3 Trust Service Criteria ('TSC') and Point of Focus

1.4 Audit Timeline & period

1.5 Certification bodies

Module 1 Quiz

2. The Planning Phase

2.1 Defining the Scope

2.2 Creation of 'System Description'

2.3 Types of Controls

2.4 Gap Analysis

2.5 Identifying Gaps and Remediation

2.6 Creation and Mapping of Controls

2.7 Choosing the Auditing Firm

Module 2 Quiz

Framework Subject Matters

3. Framework Subject Matters

3.1 Control Environment

3.2 Communication and Information

3.3 Risk Assessment

3.4 Monitoring Activities

3.5 Control Activities

3.6 Logical and Physical Access Controls

3.7 System Operations

3.8 Change Management

3.9 Risk Mitigation

3.10 Additional Criteria for Availability

3.11 Additional Criteria for Confidentiality

3.12 Additional Criteria for Processing Integrity

3.13 Additional Criteria for Privacy

Module 3 Quiz

4.1 Shared Responsibility Model

4.2 Key Stakeholder Identification

4.3 Technical, Procedural, and Administrative Controls Implementation

4.4 Prioritization

Module 4 Quiz

5. Security Management Procedures

5.1 Policies and Procedures

5.2 Passwords and MFA

5.3 Risk Assessment

5.4 Risk Mitigation

5.5 User Access Review

5.6 Security Awareness Training

5.7 Security Risk Vs Security Vulnerabilities

5.8 Endpoint Management and Anti-Malware

5.9 Assets Mapping and Classification

5.10 Human Resources

5.11 Maintenance, Monitoring, and Analysis of Audit Logs

5.12 Data Breaches and Disclosures

5.13 Crisis Management

5.14 Segregation of Duties and Least Privilege

5.15 Change Management

5.16 Internal Audit

Module 5 Quiz