SOC (System and Organization Controls) reports are designed to assess and provide assurance about a service organization's internal controls. They are commonly used in IT security, cloud computing, and financial auditing. In this session, we describe the three different types of SOC reports and how to approach them in an audit.
This course is part of the IT Audit Bytes series. The other segments of this series are:
- IT Audit Bytes - Access Control
- IT Audit Bytes - Backup and Recovery
- IT Audit Bytes - Change Management
- IT Audit Bytes - Cybersecurity
- IT Audit Bytes - Data Loss Prevention
- IT Audit Bytes - Disaster Recovery and BCP
- IT Audit Bytes - IT Control Frameworks
- IT Audit Bytes - Job Monitoring
- IT Audit Bytes - Logging and SIEM
- IT Audit Bytes - Network Security and Detection
- IT Audit Bytes - Password Management
- IT Audit Bytes - Physical Security
- IT Audit Bytes - Provisioning and Deprovisioning
- IT Audit Bytes - SDLC Controls
- IT Audit Bytes - Security Awareness Training
- IT Audit Bytes - Separation of Duties Controls
- IT Audit Bytes - SOC Reports
- IT Audit Bytes - Strategy and Governance
- IT Audit Bytes - Third-Party IT Risk Management (TPRM)
Prerequisites
No advanced preparation or prerequisites are required for this course.
Learning Objectives
- Discover and differentiate SOC1, SOC2, SOC3 reports, and bridge letters.
- Discover and describe the controls tested in these reports.
- Recognize the role auditors play in reviewing these reports.
Last updated/reviewed: March 05, 2025