Course Description:
In October 2022, the AICPA released the updated SOC 2 guide. While many of the SOC 2 requirements remain similar, there has been a lot of clarification and expansion of details, guidelines, and implementation in the guide.
In this course, Jeff Cook—a long-time SOC practitioner and member of the SOC 2 working group that helped develop the guide—discusses the highlights of some of the more significant topic areas that were updated. These updates include commitments and system requirements, controls that did not operate during an audit period, confidentiality versus privacy, vendors versus subservice organizations, complementary user-entity controls (CUECs), use of tech/software apps or tools, independence requirements, and SOC 2+ and/or other frameworks. This course will also discuss the updates to DC 200 (description criteria) and TSP 100 (trust services criteria) and the report language needed for SSAE 21. If you are a practitioner in the SOC 2 space, this course is a must for you!
Learning Objectives:
Identify the clarification and expansion of details, guidelines, and implementations in the updated SOC 2 guide
Recall the updates to DC 200 and TSP 100
Determine the report language needed for SSAE 21
Fields of Study:
Auditing
Course Level:
Intermediate
Prerequisites:
Working knowledge of existing SOC 2 guidelines
Advance Preparation:
None