© Copyright VLR Training | 2020
VLR Training provides SOC Audit Training (System and organisation controls SOC 1 & SOC 2) online Training in Hyderabad by Industry Expert Trainer. We provide SOC Audit Training (System and organisation controls SOC 1 & SOC 2) live projects to the students and also Every day SOC Audit Training (System and organisation controls SOC 1 & SOC 2) Recorded sessions.
What is SOC Audit - System and organisation controls (SOC 1 & SOC 2)
A SOC (System and Organization Controls) audit is an independent assessment of an organization’s internal controls and processes related to data security, privacy, and other relevant factors. The goal of a SOC audit is to provide assurance to stakeholders that an organization’s systems, operations, and data protection measures are effectively designed, implemented, and operating as intended.
SOC 1: This audit focuses on the controls related to financial reporting. It is often relevant for organizations that provide services that could impact the financial statements of their clients, such as third-party service providers that process financial transactions.
SOC 2: This audit evaluates the controls related to security, availability, processing integrity, confidentiality, and privacy of an organization’s systems and data. It is particularly important for technology companies, cloud service providers, and organizations that handle sensitive customer data.
SOC Audit Training (System and organisation controls SOC 1 & SOC 2) Online Training Course Details
Course Duration
30 to40 Days
Realtime training
Projects
Mode of Training
Online
SOC Audit Training (System and organisation controls SOC 1 & SOC 2) training Course content
▪ What is IT Audit
▪ Types of Auditors (Internal and External)
▪ Different phases of IT Audit
▪ Audit Opinions
▪ Absolute vs Reasonable assurance
▪ Parent SOP
▪ Child SOP
▪ Different SOP Fields and Format
▪ How WT Conducted
▪ Test Of Design (TOD)
▪ Walkthrough Questionnaire
▪ Internal Controls Related to SOC-1
▪ How SOC -1 Audit will be conducted
▪ AICPA Role in the SOC -2
▪ Different Trust Service Criteria (TSC)
▪ CSOC
▪ CUEC
▪ Gap Letter
▪ Detailed Explanation of different sections in SOC Report
▪ What is effect of exceptions while testing controls
▪ Mitigating controls for each control domain category
▪ Test of Operating Effectiveness (TOE)
▪ How many samples need to pick while doing TOE
▪ Different sampling techniques
▪ Automatic Tools for sampling
▪ New Employee Controls
▪ Active Employee Controls
▪ Terminated Employee Controls
▪ Types of changes
▪ Check list auditor has to verify while conducting audit
▪ Segregation of duties
▪ How change created through Incident
▪ Effect of SOD Conflict
▪ Mitigating Controls
▪ Types of Incidents
▪ Incident Management process
▪ Auditor Check list while doing audit
▪ Problem Management
▪ Incident vs Problem Management
▪ Provisioning
▪ De – Provisioning
▪ Admin Access Controls
▪ Physical and Logical Access
▪ User Access Reviews (USR)
▪ Password Settings/Password policy
▪ Different PAM Tools
▪ How to identify NPA login
▪ What is Back-up
▪ Backup Restoration periodicity
▪ Different types of Backups
▪ Peferrable Backup method in case of cyber attack
▪ Backup retention period
▪ How to maintain Backup register (To track status of backup)
▪ Re-run procedures
▪ Audit check list while verifying backup controls
▪ What is End Point Security
▪ How End Point security works
▪ Audit Check list
▪ Different Automated tools for VM
▪ Remediation of vulnerabilities based of severity
▪ Audit Findings while verifying controls
▪ Patching
▪ Release data vs Deployment date Conflict
▪ Audit findings
▪ Business Continuity Plan (BCP)
▪ Permissible Latency
- How we need to perform and ISO Audit?
- What are the different frame works related to ISO?
- How ITGRC and ISO related to each other?
- Why ITAC is more important for an organization?
- Methods in ITAC
- Difference between ITAC AND ITGC
- Ways to do an application security
- What is GDPR?
- Who is data subjects?
- How it is implemented?
- Scope of GDPR in ITGC