Virtual Cyber & Technology Risk Management Forum

• SOC 1: o Controls relevant to a service organization’s internal control over financial reporting • SOC 2: o Examination of a service organization’s controls over one or more of the 5 Trusted Services Criteria • SOC 3: o SOC 2 minus the juicy stuff o It’s publicly available • Type 1: o Control effectiveness as a snapshot in time • Type 2: o Control effectiveness over a period of time SOC Audits

© 2020 SBS CyberSecurity, LLC www.sbscyber.com

38