In October 2022, the AICPA released the updated SOC 2 guide. While many of the SOC 2 requirements remain similar, there has been a lot of clarification and expansion of details, guidelines, and implementation in the guide.
In this course, Jeff Cook—a long-time SOC practitioner and member of the SOC 2 working group that helped develop the guide—discusses the highlights of some of the more significant topic areas that were updated. These updates include commitments and system requirements, controls that did not operate during an audit period, confidentiality versus privacy, vendors versus subservice organizations, complementary user-entity controls (CUECs), use of tech/software apps or tools, independence requirements, and SOC 2+ and/or other frameworks. This course will also discuss the updates to DC 200 (description criteria) and TSP 100 (trust services criteria) and the report language needed for SSAE 21. If you are a practitioner in the SOC 2 space, this course is a must for you!
Learning Objectives:
Jeff Cook CPA, LLC
CFO & Co-Founder
[email protected]
Jeff is an information assurance and public accounting professional with over 9 years of IT audit and consulting experience and over 20 years of experience in public accounting and auditing. Jeff has worked extensively on SOC in addition to providing IT audit support for traditional financial statement audits. Jeff also has functional knowledge of ISO standards, CSA STAR, C5, FISMA, and FedRAMP. Jeff has grown and developed several IT audit and SOC practices at various firms throughout his career, as well as participated in firm quality control for SOC engagements. Jeff is also heavily involved with the AICPA, volunteering with the development of the SOC and CITP programs. Jeff is part of the SOC 2 working group, which helps develop the AICPA SOC 2 guide, and has developed numerous pieces of training for the AICPA.