Sign up if you are...

  • Trying to figure out what SOC 2 compliance is and if it's worth it

  • A business owner, leader, Board member, or in the C-Suite

  • Responsible for cybersecurity, internal controls, or getting and maintaining SOC 2 at your company

  • Just curious and want to understand the requirements of SOC 2 compliance and reporting

  • Looking to navigate the marketplace and make fact-based decisions about SOC 2 consultancy

Course curriculum

  1. 1
    • A message from your instructor, Cheri:

    • How to use this course

    • Before we begin...

  2. 2
    • Background and Walkthrough SOC 2

  3. 3
    • Common myths

    • Myth #1: It's too hard to get

    • Myth #2: I have to have a Type I first

    • Type I is easier and quicker

    • Myth #3: Once I get my SOC 2 report, I'm done

    • An ongoing relationship

    • Myth #4: I must use a consultant to get me ready for SOC 2

    • A less direct path

    • Myth #5: I can just download the SOC 2 requirements and do what it says

    • Myth #6: If I ignore SOC 2, it'll go away

    • Regulation is coming

    • Myth #7: Protecting regulated data is my choice

    • Put that thing in the garage

    • Myth #8: SOC 2 can be done for the first time in days

    • Think it through

    • Get buff

    • Myth #9: SOC 2 can be fully automated

    • Automation vs. a user

    • Automation requires attention

  4. 4
    • SOC 2 grows your business

    • SOC 2 helps you land larger clients

    • SOC 2 is revenue-generating

    • SOC 2 can help you safeguard your business

    • SOC 2 can be a flaming moat

    • SOC 2 will help you sleep at night

    • SOC 2 is the ultimate body pillow

  5. 5
    • Type I and Type II explained

    • Type I is training wheels

    • It's all about risk

    • Know where the risks are

    • Independently validated assurance

    • SOC 2 is like having a driver's license

  6. 6
    • CC1: Control Environment

    • Don't forget your playbook

    • CC2: Communication and Information

    • CC3: Risk Assessment

    • Risk assessment helps you prioritize

    • CC4: Monitoring Activities

    • Importance of monitoring

    • CC5: Control Activities

    • CC6: Logical and Physical Access Controls

    • Logical and Physical Access demonstrated from The Mandalorian

    • CC7: System Operations

    • CC8: Change Management

    • Change management protects against compromise

    • CC9: Risk Mitigation

    • Choose good friends

  7. 7
    • A1: Availability

  8. 8
    • C1: Confidentiality

  9. 9
    • PI1: Processing Integrity

  10. 10
    • P1: Notice and Communication

    • P2: Choice and Consent

    • P3: Collection

    • P4: Use, Retention, and Disposal

    • Don't keep it past the expiration date

    • P5: Access

    • P6: Disclosure and Notification

    • P7: Quality

    • P8: Monitoring and Enforcement

  11. 11
    • Start the right recipe from the beginning

    • Not set-it-and-forget-it

    • Use a tool to make it sustainable

    • Bake it into your processes and "BAU" (Business as usual)

    • Ongoing maintenance

    • Don't ignore failures

    • If you fall, get back up

    • It's important, put in the commitment and effort

  12. 12
    • Prepare for the final exam

    • So where do you start?

    • Before you go...

    • Thank you!

  • SOC 2: For the Secure & Successful

    SOC 2 Compliance: It’s not just for keeping your data safeguarded, it can help you win new clients! Staying up to date with controls around cybersecurity can facilitate trust and growth with your employees, users, customers, and clients. All things necessary for success in the modern business world.

  • Your SOC 2 Transformation

    Utilize a risk-based approach, based on your company’s unique goals, to guide your organization into SOC 2 in a simple, streamlined fashion. With the right knowledge and planning from the top down of the organization, your SOC 2 transformation can be stress-free.

  • SOC 2: Risk Identification and Mitigation

    Break down the process of identifying what your major risks are and what your data protection plan should be under SOC 2. After all, we all want to make implementing the best policies & practices a lot easier, at the start and in the long run.

  • SOC 2 = More Clients for You

    All clients want evidence of a well-protected business, with processes in place to protect the data they share with your organization. With SOC 2, provide clients with the peace of mind they deserve. Effectively designed and operating cybersecurity controls are not just for you -- they're for your clients too, past, present, and future.

  • Build Trust With SOC 2

    SOC 2 means proof of protection around your data - proof of protection means customers, employees, and partners can trust you, knowing your information systems are secured by working controls. Become a trustworthy partner to all your counterparties with full SOC 2 compliance.

  • SOC 2 is Essential

    A passing, independent SOC 2 audit report gives unbiased assurance to the business world that you’re doing things right. Without one, it may be impossible to give anyone confidence that you are a responsible business owner taking care of your data. SOC 2 compliance ultimately means being a good steward of the valuable information that has been entrusted to you - which is essential to any modern business.

Meet Cheri - Your SOC 2 Expert Help

Owner Principal, vCISO

Cheri Hotman

Cheri graduated with an MBA from the University of Texas at Dallas, and her drive toward tech and cybersecurity has only grown since then. With a corporate career - to the Vice President level - in banking, financial services, and consulting, she has a firm grasp on the particulars of the business world. Continuing education and consultancy work have made her even more informed and effective on the topic of modern cybersecurity. Cheri is a CPA, meaning she can both perform SOC 2 audits and help companies prepare for them. She is a BCC (Board Certified Coach) and holds her CISSP (Certified Information Systems Security Professional) - the gold standard in cybersecurity. In sum, you can count on her to know her stuff!

Take Advantage

Leverage SOC 2 knowledge and understanding from a CPA expert in SOC 2 and cybersecurity