Obtaining a SOC2 audit report and getting certified has become an essential, in many cases, a contractual obligation for IT service providers seeking to enter the global market, whether they are newly established startups or tech giants.

The American Institute of Certified Public Accountants (AICPA) has set up a 5-step audit process, called Trust Services Principles: this values the internal control process by security, confidentiality, processing integrity, availability, and data privacy.

However, there is a long way to go to achieve the certification with numerous pitfalls, such as the inappropriate determination of scope of the systems and services, the audit period, and IT security controls, or the misinterpretation of the Trust Services Criteria or the requirements of the report readers i.e. the clients, investors and auditors.

If the SOC2 report reveals key deficiencies, the clients of the service provider may either withdraw from the partnership or consider the contractual requirements as non-compliant, which leads to a financial burden and, of course, a loss of reputation.

In this webinar, we will focus on the most common mistakes, talk about how to prepare for the audit in a resource-efficient way, and define the requirements for the service organization from an auditor perspective.

Agenda:

What is SOC2?
Introducing the most common mistakes before/during/after the audit
The essence of auditing and effective preparation
SOC2 audit experiences and benchmark data
Q&A

Speaker

The speaker, Gergő Barta Ph.D. , has almost 10 years of experience in SOC1 / SOC2 audits and has participated in numerous SOC2 reporting and consulting projects internationally from the United States to China, and in especially Central Europe. He is currently working on various SOC projects with several international startups and large technology companies, respectively.

The event is not intended for advisors and employees of companies engaged in advisory services. Deloitte reserves the right to create the list of participants.