SlideShare a Scribd company logo

[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Providers (MSPs)

Download as PPTX, PDF
Rea & Associates
Rea & Associates

As a managed service provider, securely managing your data to protect the interests of your organization, reinforce the integrity of your business, and ensure the data security of your clients can be a challenge – but it is possible. During this free, hour-long webinar, Brain Garland and Paul Hugenberg, leaders on Rea & Associates' cybersecurity and data protection team, will guide you through SOC 2 compliance, and how this incredible tool can help you leverage your existing data security framework and business model to ensure long-term organizational success and sustainability. Join us to learn: - What SOC 2 is and what it is specifically designed to accomplish. - How SOC 2 can improve your organization’s safety, credibility, and overall profitability. - When a SOC 2 absolutely necessary to a business’s long-term financial and organizational wellness. - How CMMC Works With SOC2 To learn more about SOC2, visit https://www.reacpa.com/contact-us/ to reach out to a member of our team. #SOC2 #ReaCyber #ReaCPA

Business
1 of 15
REA CYBER SERVICES SOC 2: Guide for MSPs Brian Garland Senior Manager, Cyber Services | Rea & Associates, Inc. Brian.Garland@reacpa.com Paul Hugenberg Principal, Cyber Services | Rea & Associates, Inc. Paul.Hugenberg@reacpa.com March 2021 REA CYBER SERVICES SOC 2: Guide for MSPs March 2021 Brian Garland, CPA, CISA Senior Manager, Cyber Services | Rea & Associates, Inc. Brian.Garland@reacpa.com Paul Hugenberg, CISA, CISSP, CRISC, CPA Principal, Cyber Services | Rea & Associates, Inc. Paul.Hugenberg@reacpa.com
REA CYBER SERVICES SOC 2: Guide for MSPs 2 • Common Myths Regarding SOC 2 • SOC Structure – What is it? • What is SOC2 designed to do for your MSP • Reasons to leverage the SOC 2 framework • Situations when other options may be preferable Agenda
REA CYBER SERVICES SOC 2: Guide for MSPs 3 Poll Question • Which of the following is your MSP’s primary approaches to satisfying customer/prospect due diligence requests? • SOC 2 • NIST • HITRUST • ISO • Other
REA CYBER SERVICES SOC 2: Guide for MSPs 4 • Anyone can perform a SOC for me. • I can get a SOC 2 “Certification”. • Technical examination only. • All SOCs are the same. All vendors are the same. • A SOC has no ROI for the MSP/MSSP. • All Opinions are equal. • A SOC2 satisfies other regulations. • A SOC2 cannot include other regulations. Common Myths Surrounding SOC 2
REA CYBER SERVICES SOC 2: Guide for MSPs SOC 2 Security - REQUIRED Privacy - OPTIONAL Availability - OPTIONAL Processing Integrity - OPTIONAL Confidentiality - OPTIONAL 5 • Trust Services Criteria (previously Trust Services Principles and Criteria) AICPA Service Organization Control (SOC 2)
REA CYBER SERVICES SOC 2: Guide for MSPs 6 SOC 1 • Report on financial controls of a service organization • i.e. payroll processors, SaaS applications critical to financial report (general ledger) SOC 2 • Report on controls over in scope systems, regarding CIA+ • Security • Processing Integrity • Confidentiality • Availability • Privacy SOC 3 • Same reporting requirements as SOC 2, however distribution is for public use • Higher level PRIVATE PRIVATE PUBLIC
REA CYBER SERVICES SOC 2: Guide for MSPs 7 • Review of current state compared to Trust Service Criteria • “GAP Analysis” • Non assurance report SOC 2 Readiness Assessment • Review of control design and system description, at a point in time SOC 2 – Type 1 • Review of control design, system description, and control operating effectiveness over a period of time SOC 2 – Type 2 NO OPINION SINGLE OPINION DUAL OPINION
REA CYBER SERVICES SOC 2: Guide for MSPs 8 SOC 2 Recap • Trust Services Criteria • Common Criteria – Required (33 Control Objectives) • Other criteria are add on • Based on the MSP’s SLAs and customer requirements • Type 1 and Type 2
REA CYBER SERVICES SOC 2: Guide for MSPs 9 Poll Question •Is your MSP looking to expand into regulated markets? (Healthcare, financial services) •Yes •Yes, in the next 1-3 years •Not at this time
REA CYBER SERVICES SOC 2: Guide for MSPs 10 Intent of SOC2 for MSPs Demonstrating commitment to internal controls Trust in the market Requirement for certain industries Competitive advantage
REA CYBER SERVICES SOC 2: Guide for MSPs 11 • Recognized framework under AICPA • Opinion based reporting on internal controls • In comparison to other common frameworks • Primary documentation requested by risk management teams Why SOC 2?
REA CYBER SERVICES SOC 2: Guide for MSPs 12 Key questions to address What types of requests do you get from customers/suppliers on your IT controls and data security? How much time do you spend a month/quarter/year marketing to potential customers on your company’s data security controls? What type of steps does the organization perform around IT security risk mitigation? How do other companies in your market promote/position themselves related to cyber security? Do you consider cyber risk mitigation and reporting a competitive advantage?
REA CYBER SERVICES SOC 2: Guide for MSPs 13 • Framework based information security plan • i.e. National Institute of Standards and Technology (NIST) • ISO 27001 • HITRUST • Other industry specific frameworks Other Options For MSPs
REA CYBER SERVICES SOC 2: Guide for MSPs 14 MSP Market Trends • Global Managed Services Market = CAGR ~ 11.2% 2020 – 2026 (source: Modor Intelligence) • M&A activity expected to increase • Migration to cloud platforms • Customer focus on cyber security initiatives • “….“ as a service • Movement from break/fix arrangements to managed IT and security services
REA CYBER SERVICES SOC 2: Guide for MSPs 15 QUESTIONS???

Recommended

New York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesNew York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesCitrin Cooperman
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsGovernment Technology and Services Coalition
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacylgcdcpas
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains Aparajita Banerjee
 

Recommended

New York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesNew York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesCitrin Cooperman
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsGovernment Technology and Services Coalition
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacylgcdcpas
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains Aparajita Banerjee
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA PresentationMarc Crudgington, MBA
 
Presentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferencePresentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferenceBill Despo
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsSkoda Minotti
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringResolver Inc.
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderCSI Solutions
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDPranav Shah
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisJim Kaplan CIA CFE
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Vendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenVendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenPriyanka Aash
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack SurvivalSkoda Minotti
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationAjai Srivastava
 
The Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditThe Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditSBWebinars
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Hernan Huwyler, MBA CPA
 
Prevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringPrevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringObserveIT
 
Enumerating your shadow it attack surface
Enumerating your shadow it attack surfaceEnumerating your shadow it attack surface
Enumerating your shadow it attack surfacePriyanka Aash
 
Threat Intelligence Market
Threat Intelligence MarketThreat Intelligence Market
Threat Intelligence MarketDatsun Arnold
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 

More Related Content

What's hot

Presentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferencePresentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferenceBill Despo
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTuan Phan
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsSkoda Minotti
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringResolver Inc.
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderCSI Solutions
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDPranav Shah
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisJim Kaplan CIA CFE
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Vendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenVendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenPriyanka Aash
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack SurvivalSkoda Minotti
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationAjai Srivastava
 
The Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditThe Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditSBWebinars
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Hernan Huwyler, MBA CPA
 
Prevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringPrevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringObserveIT
 
Enumerating your shadow it attack surface
Enumerating your shadow it attack surfaceEnumerating your shadow it attack surface
Enumerating your shadow it attack surfacePriyanka Aash
 
Threat Intelligence Market
Threat Intelligence MarketThreat Intelligence Market
Threat Intelligence MarketDatsun Arnold
 

What's hot (20)

ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 
Presentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferencePresentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 Conference
 
Securing Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best PracticesSecuring Fintech: Threats, Challenges & Best Practices
Securing Fintech: Threats, Challenges & Best Practices
 
TrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability ManagementTrustedAgent GRC for Vulnerability Management
TrustedAgent GRC for Vulnerability Management
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
 
The Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services ProviderThe Benefits of Security From a Managed Services Provider
The Benefits of Security From a Managed Services Provider
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisCybersecurity Series SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Vendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and OftenVendor Security Practices: Turn the Rocks Over Early and Often
Vendor Security Practices: Turn the Rocks Over Early and Often
 
Cyber Attack Survival
Cyber Attack SurvivalCyber Attack Survival
Cyber Attack Survival
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
bsi-cyber-resilience-presentation
bsi-cyber-resilience-presentationbsi-cyber-resilience-presentation
bsi-cyber-resilience-presentation
 
The Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance AuditThe Trick to Passing Your Next Compliance Audit
The Trick to Passing Your Next Compliance Audit
 
Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks Strategy Insights - How to Quantify IT Risks
Strategy Insights - How to Quantify IT Risks
 
Prevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity MonitoringPrevent Insider Threats with User Activity Monitoring
Prevent Insider Threats with User Activity Monitoring
 
Enumerating your shadow it attack surface
Enumerating your shadow it attack surfaceEnumerating your shadow it attack surface
Enumerating your shadow it attack surface
 
Threat Intelligence Market
Threat Intelligence MarketThreat Intelligence Market
Threat Intelligence Market
 

Similar to [ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Providers (MSPs)

Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkTuan Phan
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and CertificationControlCase
 
Data Center Audit Standards
Data Center Audit StandardsData Center Audit Standards
Data Center Audit StandardsKeyur Thakore
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementReduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementSBWebinars
 
Moss Adams SSAE 16 SOC Audits
Moss Adams SSAE 16 SOC AuditsMoss Adams SSAE 16 SOC Audits
Moss Adams SSAE 16 SOC AuditsAISDC
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnService Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnKloudLearn
 
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...FinTechLabs.io
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoTuan Phan
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
Crafting an End-to-End Pharma GRC Strategy
Crafting an End-to-End Pharma GRC StrategyCrafting an End-to-End Pharma GRC Strategy
Crafting an End-to-End Pharma GRC StrategyCognizant
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliancesAhmadi Madi
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECControlCase
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterTuan Phan
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsChristopher Foot
 
Account Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptxAccount Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptxGaneshMeenakshiSunda4
 

Similar to [ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Providers (MSPs) (20)

Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
Data Center Audit Standards
Data Center Audit StandardsData Center Audit Standards
Data Center Audit Standards
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity ManagementReduce the Burden Of Managing SAP With Enterprise Identity Management
Reduce the Burden Of Managing SAP With Enterprise Identity Management
 
Moss Adams SSAE 16 SOC Audits
Moss Adams SSAE 16 SOC AuditsMoss Adams SSAE 16 SOC Audits
Moss Adams SSAE 16 SOC Audits
 
SOC for Cybersecurity Overview
SOC for Cybersecurity OverviewSOC for Cybersecurity Overview
SOC for Cybersecurity Overview
 
Icsoc20.ppt
Icsoc20.pptIcsoc20.ppt
Icsoc20.ppt
 
Service Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - KloudlearnService Organizational Control (SOC 2) Compliance - Kloudlearn
Service Organizational Control (SOC 2) Compliance - Kloudlearn
 
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
Open Banking UK “Identity Product” Internals #fapisum - Japan/UK Open Banking...
 
Nist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quanticoNist cybersecurity framework isc2 quantico
Nist cybersecurity framework isc2 quantico
 
SOC 2 and You
SOC 2 and YouSOC 2 and You
SOC 2 and You
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIEC
 
Crafting an End-to-End Pharma GRC Strategy
Crafting an End-to-End Pharma GRC StrategyCrafting an End-to-End Pharma GRC Strategy
Crafting an End-to-End Pharma GRC Strategy
 
Aplication data security compliances
Aplication data security compliancesAplication data security compliances
Aplication data security compliances
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond ChapterNIST Cybersecurity Framework Intro for ISACA Richmond Chapter
NIST Cybersecurity Framework Intro for ISACA Richmond Chapter
 
Secrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance ProjectsSecrets for Successful Regulatory Compliance Projects
Secrets for Successful Regulatory Compliance Projects
 
Kevin Else LegalTech event Feb 2023
Kevin Else LegalTech event Feb 2023Kevin Else LegalTech event Feb 2023
Kevin Else LegalTech event Feb 2023
 
Account Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptxAccount Right SOC Services brochure.pptx
Account Right SOC Services brochure.pptx
 

More from Rea & Associates

2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference Rea & Associates
 
Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates
 
Rea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction KickoffRea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction KickoffRea & Associates
 
Rea Manufacturing Day 2021
Rea Manufacturing Day 2021Rea Manufacturing Day 2021
Rea Manufacturing Day 2021Rea & Associates
 
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...Rea & Associates
 
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30Rea & Associates
 
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...Rea & Associates
 
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...Rea & Associates
 
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...Rea & Associates
 
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...Rea & Associates
 
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)Rea & Associates
 
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...Rea & Associates
 
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...Rea & Associates
 
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...Rea & Associates
 
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...Rea & Associates
 
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...Rea & Associates
 
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...Rea & Associates
 
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...Rea & Associates
 
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...Rea & Associates
 
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & ComplianceRea & Associates
 

More from Rea & Associates (20)

2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference
 
Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022
 
Rea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction KickoffRea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction Kickoff
 
Rea Manufacturing Day 2021
Rea Manufacturing Day 2021Rea Manufacturing Day 2021
Rea Manufacturing Day 2021
 
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
 
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
 
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
 
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
 
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
 
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
 
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
 
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
 
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
 
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
 
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
 
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
 
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defens...
 
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
 
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
 
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
 

Recently uploaded

Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditNhtLNguyn9
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 

Recently uploaded (20)

Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal audit
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 

[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Providers (MSPs)

  • 1. REA CYBER SERVICES SOC 2: Guide for MSPs Brian Garland Senior Manager, Cyber Services | Rea & Associates, Inc. Brian.Garland@reacpa.com Paul Hugenberg Principal, Cyber Services | Rea & Associates, Inc. Paul.Hugenberg@reacpa.com March 2021 REA CYBER SERVICES SOC 2: Guide for MSPs March 2021 Brian Garland, CPA, CISA Senior Manager, Cyber Services | Rea & Associates, Inc. Brian.Garland@reacpa.com Paul Hugenberg, CISA, CISSP, CRISC, CPA Principal, Cyber Services | Rea & Associates, Inc. Paul.Hugenberg@reacpa.com
  • 2. REA CYBER SERVICES SOC 2: Guide for MSPs 2 • Common Myths Regarding SOC 2 • SOC Structure – What is it? • What is SOC2 designed to do for your MSP • Reasons to leverage the SOC 2 framework • Situations when other options may be preferable Agenda
  • 3. REA CYBER SERVICES SOC 2: Guide for MSPs 3 Poll Question • Which of the following is your MSP’s primary approaches to satisfying customer/prospect due diligence requests? • SOC 2 • NIST • HITRUST • ISO • Other
  • 4. REA CYBER SERVICES SOC 2: Guide for MSPs 4 • Anyone can perform a SOC for me. • I can get a SOC 2 “Certification”. • Technical examination only. • All SOCs are the same. All vendors are the same. • A SOC has no ROI for the MSP/MSSP. • All Opinions are equal. • A SOC2 satisfies other regulations. • A SOC2 cannot include other regulations. Common Myths Surrounding SOC 2
  • 5. REA CYBER SERVICES SOC 2: Guide for MSPs SOC 2 Security - REQUIRED Privacy - OPTIONAL Availability - OPTIONAL Processing Integrity - OPTIONAL Confidentiality - OPTIONAL 5 • Trust Services Criteria (previously Trust Services Principles and Criteria) AICPA Service Organization Control (SOC 2)
  • 6. REA CYBER SERVICES SOC 2: Guide for MSPs 6 SOC 1 • Report on financial controls of a service organization • i.e. payroll processors, SaaS applications critical to financial report (general ledger) SOC 2 • Report on controls over in scope systems, regarding CIA+ • Security • Processing Integrity • Confidentiality • Availability • Privacy SOC 3 • Same reporting requirements as SOC 2, however distribution is for public use • Higher level PRIVATE PRIVATE PUBLIC
  • 7. REA CYBER SERVICES SOC 2: Guide for MSPs 7 • Review of current state compared to Trust Service Criteria • “GAP Analysis” • Non assurance report SOC 2 Readiness Assessment • Review of control design and system description, at a point in time SOC 2 – Type 1 • Review of control design, system description, and control operating effectiveness over a period of time SOC 2 – Type 2 NO OPINION SINGLE OPINION DUAL OPINION
  • 8. REA CYBER SERVICES SOC 2: Guide for MSPs 8 SOC 2 Recap • Trust Services Criteria • Common Criteria – Required (33 Control Objectives) • Other criteria are add on • Based on the MSP’s SLAs and customer requirements • Type 1 and Type 2
  • 9. REA CYBER SERVICES SOC 2: Guide for MSPs 9 Poll Question •Is your MSP looking to expand into regulated markets? (Healthcare, financial services) •Yes •Yes, in the next 1-3 years •Not at this time
  • 10. REA CYBER SERVICES SOC 2: Guide for MSPs 10 Intent of SOC2 for MSPs Demonstrating commitment to internal controls Trust in the market Requirement for certain industries Competitive advantage
  • 11. REA CYBER SERVICES SOC 2: Guide for MSPs 11 • Recognized framework under AICPA • Opinion based reporting on internal controls • In comparison to other common frameworks • Primary documentation requested by risk management teams Why SOC 2?
  • 12. REA CYBER SERVICES SOC 2: Guide for MSPs 12 Key questions to address What types of requests do you get from customers/suppliers on your IT controls and data security? How much time do you spend a month/quarter/year marketing to potential customers on your company’s data security controls? What type of steps does the organization perform around IT security risk mitigation? How do other companies in your market promote/position themselves related to cyber security? Do you consider cyber risk mitigation and reporting a competitive advantage?
  • 13. REA CYBER SERVICES SOC 2: Guide for MSPs 13 • Framework based information security plan • i.e. National Institute of Standards and Technology (NIST) • ISO 27001 • HITRUST • Other industry specific frameworks Other Options For MSPs
  • 14. REA CYBER SERVICES SOC 2: Guide for MSPs 14 MSP Market Trends • Global Managed Services Market = CAGR ~ 11.2% 2020 – 2026 (source: Modor Intelligence) • M&A activity expected to increase • Migration to cloud platforms • Customer focus on cyber security initiatives • “….“ as a service • Movement from break/fix arrangements to managed IT and security services
  • 15. REA CYBER SERVICES SOC 2: Guide for MSPs 15 QUESTIONS???

Editor's Notes

  1. $152.05 billion in 2020 $274.20 billion by 2026
  2. $152.05 billion in 2020 $274.20 billion by 2026