In this lesson, Nick Palazzolo, CPA, elaborates on the detailed process of examining and testing security protocols within a Service Organization Control (SOC) 2 engagement. Centering on the organization’s commitments regarding data confidentiality, integrity, availability, and privacy, he delves into understanding service level agreements and other related documentation. Nick guides through evaluating system requirements to ensure these commitments align with security practices. Further, he explores how to assess these systems using the trust services criteria, including risk management, control monitoring, access control, and network security, followed by conducting incident response assessments and gap analysis. Throughout the lesson, Nick emphasizes the importance of repetition in the learning process and highlights common procedures like interviews, control testing, and documentation specific to SOC 2 engagements. This structured approach ensures a thorough understanding and effective evaluation of an organization’s adherence to security standards.
This video and the rest on this topic are available with any paid plan.
See Pricing