How to Read a SOC Report
Published by Robert Ramsay, Regina Akrong, in SOC Reports, Video
There’s no green checkmark or pass/fail on a SOC report, so interpreting one can be a bit of a challenge. In this short video, top SOC reporting pros Robert Ramsay and Regina Akrong dive into what to look for, key elements of a SOC reporting checklist, and how to interpret exceptions. Request your SOC reporting checklist here.
You might also be interested in our library of SOC reporting videos, including everything from pursuing a career in SOC reporting to our DIY SOC reporting series, which you can watch on demand. The differences between SOC 1, SOC 2, and SOC 3 are also covered, as are topics ranging from PCI DSS and HECVAT to how SSAE 21 impacts your SOC report.
Barnes Dennig’s team of top SOC reporting pros works with organizations around the globe, providing assurance to our clients’ customers on the security of their systems and controls. With top-notch experts and industry-leading insights, they can provide the peace of mind you need. Contact us for a free consultation. As always, we’re here to help.
Video summary
In this video, Barnes Dennig SOC reporting pros Robert Ramsay and Regina Akrong discuss reading and interpreting SOC reports. They explain that SOC reports are often requested as part of vendor risk management processes and provide insights into how third-party vendors handle data.
They cover the importance of checking the disclosure portion of the report, which can provide information about encryption, antivirus software, and system design. They also mention the challenges of interpreting the auditor’s opinion and provide a checklist of things to look for in a SOC report, including the scope of the report, the type of SOC report (SOC 1 or SOC 2), the presence of exceptions, and the availability of a summary form for evaluating multiple vendors.
If you’d like a copy of the checklists they discuss, contact us.