Sign up if...

  • You're trying to figure out what SOC 2 is and if it's something worth getting

  • You're a business owner, leader, Board member, or in the C-Suite

  • You're responsible for getting and maintaining SOC 2 at your company

  • You're just curious and want to understand the requirements of SOC 2

  • You need to be equipped to navigate the marketplace and make fact-based decisions around SOC 2

Course curriculum

  • 1

    Welcome to the course!

    • A message from your instructor

    • How to use this course

    • Before we begin...

  • 2

    Introduction

    • Background and Walkthrough SOC 2

  • 3

    Myths

    • Common

    • Myth #1: It's too hard to get

    • Myth #2: I have to have a Type I first

    • Type I is easier and quicker

    • Myth #3: Once I get my SOC 2 report, I'm done

    • It's like an ongoing relationship

    • Myth #4: I must use a Consultant to get me ready for SOC 2

    • A less direct path

    • Myth #5: I can just download the SOC 2 requirements and do what it says

    • Myth #6: If I ignore SOC 2, it'll go away

    • Regulation is coming

    • Myth #7: Protecting regulated data is my choice

    • Put that thing in the garage

    • Myth #8: SOC 2 can be done for the first time in days

    • Think it through

    • Get buff

    • Myth #9: SOC 2 can be fully automated

    • Automation vs a user

    • Automation requires attention

  • 4

    Benefits

    • SOC 2 drives revenue

    • SOC 2 helps you land larger clients

    • SOC 2 is revenue-generating

    • SOC 2 can help you safeguard your business

    • A flaming moat

    • Helps you sleep at night

    • Ultimate body pillow

  • 5

    Overview

    • Type I and Type II explained

    • Type I is training wheels

    • It's all about risk

    • Know where the risks are

    • Independently validated assurance

    • SOC 2 is like having a driver's license

  • 6

    Security

    • CC1: Control Environment

    • Don't forget your playbook

    • CC2: Communication and Information

    • CC3: Risk Assessment

    • Risk assessment helps you prioritize

    • CC4: Monitoring Activities

    • Importance of monitoring

    • CC5: Control Activities

    • CC6: Logical and Physical Access Controls

    • Logical and Physical Access demonstrated from The Mandalorian

    • CC7: System Operations

    • CC8: Change Management

    • Change management protects against compromise

    • CC9: Risk Mitigation

    • Choose good friends

  • 7

    Availability

    • A1: Availability

  • 8

    Confidentiality

    • C1: Confidentiality

  • 9

    Processing Integrity

    • PI1: Processing Integrity

  • 10

    Privacy

    • P1: Notice and Communication

    • P2: Choice and Consent

    • P3: Collection

    • P4: Use, Retention, and Disposal

    • Don't keep it past the expiration date

    • P5: Access

    • P6: Disclosure and Notification

    • P7: Quality

    • P8: Monitoring and Enforcement

  • 11

    Ongoing Success

    • Start the right recipe from the beginning

    • Not set-it-and-forget-it

    • Use a tool to make it sustainable

    • Bake it into your processes and BAU

    • Ongoing maintenance

    • Don't ignore failures

    • If you fall, get back up

    • It's important, put in the commitment and effort

  • 12

    Thank you!

    • Prepare for the final exam

    • So where do you start?

    • Before you go...

    • Thank you!

  • SOC 2: For the Successful

    SOC 2 and compliance: it's not just for winning over clients. Staying up to date with your data security makes you a responsible business owner. Likewise, it facilitates company growth and fosters success.

  • SOC 2 Transforms

    We use a risk-based approach based on your goals to guide your company to SOC 2 success in a simple, streamlined fashion. Say goodbye to unnecessary stress, and hello to simple.

  • SOC 2 Identifies

    Break down the process of identifying what your risk is and what your data protection should be with SOC 2. After all, we all want to make implementing the best programs and practices a lot easier.

  • SOC 2 = More Clients for You

    Do you want evidence of a well-protected business? Hope to provide clients with the peace of mind they deserve? If that's the case, SOC 2 is for you…and your clients.

  • Build Trust with SOC 2

    SOC 2 means proof of protection, and proof of protection means customers, employees, and partners can trust you because they know your systems and controls are secure. Become a trustworthy partner.

  • SOC 2 is Essential

    A passing SOC 2 report gives unbiased assurance that you're doing things right. In reality, it's basically impossible to have confidence in the fact that you're doing your part to provide security to yourself, your company and your clients without one. Protect data and be a good steward of what you're entrusted with.

Meet Cheri: Your SOC 2 Expert Help

CPA, MBA, BCC, CISSP

Cheri Hotman

Cheri's drive to succeed began when she graduated with an MBA from the University of Texas at Dallas and has only grown since then. With a corporate career to the Vice President level, predominately in banking, financial services, and consulting, she has a firm grasp on the particulars of the business world, making her even more informed and effective in cybersecurity. Cheri is a CPA, meaning she can both perform SOC 2 audits and help companies prepare for them. She is a BCC (Board Certified Coach) and holds her CISSP, the gold standard in cybersecurity.

Take Advantage

Leverage SOC 2 knowledge and understanding from a CPA expert in SOC 2 and cybersecurity