Presenter: SBS CyberSecurity
This 90-minute program will be presented live on: April 21, 2023 – 10:00-11:30 a.m. CT
Recording available through: July 21, 2023
Each of our regulators say this in a similar way, we must understand the security controls of a third party “to the same extent” as we understand our own internal controls. This is challenging, as some of our vendors share few details about controls. Our industry currently relies heavily on the new SSAE18 Audit Report and the Service Organization Control (SOC)2 reports provided by vendors. What are the differences between these two reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the “same extent” as our own?
We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. Each of these reports serves a different purpose and will provide different value to your institution. In addition to what reports to ask for, we will explore them in detail to highlight what to look for and how to fill in the gaps to ensure your understanding security to the “same extent”. The following items will be addressed in this discussion:
Target Audience: Information security officers, IT managers, risk officers