YoVDO

Advanced SOC 2 Auditing: Proven Strategies for Auditing the Security, Availability and Confidentiality TSCs

Offered By: LinkedIn Learning

Tags

Cybersecurity Courses, Compliance Courses, Data Protection Courses, Risk Assessment Courses, Internal Control Courses, Access Control Courses, Auditing Courses, SOC 2 Courses

Course Description

Overview

Learn advanced skills and tactical insights to conduct SOC 2 audits effectively.

Syllabus

Introduction
  • Be an advanced SOC 2 MVP
COSO Principle 1: Upholding integrity and ethical values
  • Exploring CC1.1
COSO Principle 2: Ensuring board independence and oversight of internal control
  • Exploring CC1.2
COSO Principle 3: Establishing effective structures and reporting lines for objective pursuit
  • Exploring CC1.3
COSO Principle 4: Fostering a commitment to competent talent acquisition, development, and retention in alignment with objectives
  • Exploring CC1.4
COSO Principle 5: Ensuring accountability for internal control responsibilities in objective pursuit
  • Exploring CC1.5
COSO Principle 13: Leveraging relevant, quality information to enhance internal control functionality
  • Exploring CC2.1
COSO Principle 14: Enhancing internal control through effective internal communication of objectives and responsibilities
  • Exploring CC2.2
COSO Principle 15: Facilitating external communication for effective functioning of internal control
  • Exploring CC2.3
COSO Principle 6: Defining clear objectives to facilitate risk identification and assessment
  • Exploring CC3.1
COSO Principle 7: Identifying and analyzing risks for effective objective achievement and risk management
  • Exploring CC3.2
COSO Principle 8: Addressing fraud potential in risk assessment for objective achievement
  • Exploring CC3.3
COSO Principle 9: Evaluating changes that significantly impact the internal control system
  • Exploring CC3.4
COSO Principle 16: Evaluating component presence and functionality for effective internal control
  • Exploring CC4.1
COSO Principle 17: Timely evaluation and communication of internal control deficiencies for effective corrective action
  • Exploring CC4.2
COSO Principle 10: Selecting and developing control activities to mitigate risks to achieve acceptable levels
  • Exploring CC5.1
COSO Principle 11: Selecting and developing technology control activities for objective support
  • Exploring CC5.2
COSO Principle 12: Deploying control activities through policies and procedures for effective implementation
  • Exploring CC5.3
Implementing logical access security for protected information assets to meet objectives
  • Exploring CC6.1
Granting user access: Registering, authorizing, and administering system credentials
  • Exploring CC6.2
Removing user access: Role-based authorization, segregation of duties, and access modification
  • Exploring CC6.3
Securing physical access: Restricting facilities and protected information assets to authorized personnel
  • Exploring CC6.4
Safeguarding physical assets: Discontinuing protections in alignment with objectives
  • Exploring CC6.5
Strengthening logical access security: Safeguarding against external threats
  • Exploring CC6.6
Safeguarding information: Restricting transmission, movement, and removal to achieve objectives
  • Exploring CC6.7
Preventing and detecting unauthorized or malicious software: Controls for objective alignment
  • Exploring CC6.8
Detecting and monitoring procedures: Identifying configuration changes and vulnerabilities for objective alignment
  • Exploring CC7.1
Monitoring system components: Detecting anomalies and analyzing security events for objective fulfillment
  • Exploring CC7.2
Evaluating security events: Preventing and addressing failures to achieve objectives
  • Exploring CC7.3
Responding to security incidents: Executing an effective incident response program
  • Exploring CC7.4
Recovering from security incidents: Identifying, developing, and implementing effective recovery activities
  • Exploring CC7.5
Change management for objective alignment: Authorizing, designing, and implementing changes
  • Exploring CC8.1
Mitigating business disruption risks: Identifying, selecting, and developing risk mitigation activities
  • Exploring CC9.1
Managing vendor and business partner risks: Assessing and mitigating risks effectively
  • Exploring CC9.2
Managing processing capacity: Monitoring, evaluating, and enabling additional capacity for objective fulfillment
  • Exploring A1.1
Protecting environment, software, and data: Authorization, design, implementation, and monitoring for objective achievement
  • Exploring A1.2
Testing recovery plan procedures: Ensuring system recovery for objective fulfillment
  • Exploring A1.3
Safeguarding confidential information: Identification and maintenance for objective alignment
  • Exploring C1.1
Confidential information disposal: Ensuring objective-driven confidentiality practices
  • Exploring C1.2
4. Testing Considerations
  • Comprehensive guide to completeness and accuracy in SOC 2 auditing: Ensuring reliable and comprehensive evaluations
  • Applying sample testing and attribute testing in SOC 2 audits
  • Mastering comprehensive testing note documentation in SOC 2 audits: Enhancing clarity for effective review
  • Reviewing and aligning section 3 and section 4 in SOC 2 audits: Ensuring consistency and cohesion for reliable assurance
  • Exploring technical testing considerations in SOC 2 audits: Navigating cloud-based challenges and evaluating technical evidence
Conclusion
  • Next steps

Taught by

AJ Yawn
