What you’ll learn in this class
WHAT IS SOC 2: History, Purpose, and Scope
- Administrative body: AICPA
- History: trend from SAS70
- Intent: To establish trust between a service provider and client
HOW TO PLAN FOR SOC 2: Understand Each Step in the Process
- Requirements: Learn about each control
- Assemble your team: Learn which departments will need to participate and how to evaluate the most effective representatives
- Create a project timeline: Set expectations with estimates of each task in order to manage
OVERVIEW OF CONTROLS/POLICIES: Summarize the Scope and Expectations
- Controls: analysis of each class of control and the implications for respective policies
- Policies: summary of key components and advice on how to evaluate scope
- Mistakes to avoid: Learn how to quickly customize each policy to suit your company's specific needs
BEST PRACTICES: How Policies Map to Controls and How to Evaluate Scope & Best Practices
- Common Pitfalls: learn how to assess the appropriate scope of each policy to suit your company's context
- Controls: map each control to the appropriate policy & learn the implications before drafting your policies
- Policies: a summary of key components and advice to help avoid common mistakes during the drafting process
GETTING STARTED: Start your SOC 2 Project with Comply
- Going Live: Learn how to install Comply, a free open source SOC 2 policy library & workflow framework, and create your first project
- Task Management Overview: Learn how to quickly assign and track tasks through Jira
- Deep dive into our flexible policy templates: Quickly customize each policy to suit your company's specific needs
Introduction to SOC2
SOC2 Project Plan
Frequently Asked Questions
When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
StrongDM is the Infrastructure Access Platform.
It is a single piece of software that combines authentication, authorization, connectivity, and observability to give your technical staff frictionless and auditable access to everything they need across your entire stack, in a single place.