System and Organization Controls (SOC) reports are critical for both organizations that service other organizations and for those that are being provided a service. This session will explore why SOC reports are important and why you should either be getting one for your own organization or requesting one from your vendors.
Learning Objectives:
WithumSmith+Brown, PC
Senior Manager
[email protected]
(732) 828-1614
The AICPA selected Scott to write and present the first-ever Education Program for "Reporting on an Entities Cybersecurity Risk Management Program and Controls" to cybersecurity professionals obtaining SOC for Cybersecurity certification. This program is the first of its kind, and as the author and presenter, Scott is one of the first in the U.S. to become certified. With 20+ years of experience, Scott is a Senior Manager within Withum’s SOC Services practice. His expertise lies within internal control assessments, risk assessments, SOC reporting (SOC 1, SOC 2, SOC 3, and SOC for Cybersecurity), SOX 404, and internal audit co-sourcing.
WithumSmith+Brown, PC
Manager, System and Assurance Advisory Services
[email protected]
Andrea has over seven years of professional experience and is a manager within the System and Assurance Advisory Services practice. She specializes in internal control assessments and consulting services relating to Sarbanes-Oxley Act (SOX) and service organization control (SOC) reporting. Andrea is involved in the issuance of over 100 SOC reports, including a combination of SOC 1, SOC 2, and SOC 3 reports.