Obtaining a SOC2 audit report and getting certified has become essential, and in many cases a contractual obligation, for IT service providers seeking to enter the global market, whether they are newly established startups or tech giants.
The American Institute of Certified Public Accountants (AICPA) has set up a 5-step audit process, called Trust Services Principles, which evaluates the internal control process in terms of security, confidentiality, processing integrity, availability, and data privacy.
However, the road to certification is long and has numerous pitfalls, such as inappropriate determination of the scope of the systems and services, the audit period, and the IT security controls, or misinterpretation of the Trust Services Criteria or of the requirements of the report readers, i.e. the clients, investors and auditors.
If the SOC2 report reveals key deficiencies, the clients of the service provider may either withdraw from the partnership or regard the contractual requirements as not met, which leads to a financial burden and, of course, a loss of reputation.
In this webinar, we will focus on the most common mistakes, talk about how to prepare for the audit in a resource-efficient way, and define the requirements for the service organization from an auditor's perspective.
- What is SOC2?
- Introducing the most common mistakes before/during/after the audit
- The essence of auditing and effective preparation
- SOC2 audit experiences and benchmark data
The event is not intended for advisors and employees of companies engaged in advisory services. Deloitte reserves the right to create the list of participants.