Organizations increasingly rely on the services of third parties, which may provide expertise, efficiencies, and economies of scale. But using third parties can also change the risk profile of the organization and create new vectors for threats and vulnerabilities. To assess and respond to risk related to those third parties, organizations can request and review System and Organization Controls (SOC) reports. Identifying and understanding the most important information within SOC reports is critical for ensuring that they will serve their purpose effectively.
This session will provide an overview of how to effectively review SOC reports. After the session, participants can expect to have a greater understanding of the following:
Types of SOC reports
Important information included in SOC reports
Considerations for adapting your review to your organization’s risk profile
Rob Valdez is the Director of Daszkal Bolton’s Digital Advisory, a consultancy helping businesses build value and manage risk with technology. He oversees services that help organizations defend against cyber threats, and he leads projects that enable organizations to increase efficiency and effectiveness through automation and data analytics. His experience also includes working for the Bitcoin fintech startup that provides the Bitcoin Beach Wallet in El Salvador. Rob is a motivated advocate for building trust in technology and an adjunct professor with Florida Atlantic University. He has been featured in the Wall Street Journal, TechRepublic, and the South Florida Business Journal.