From the course: CISA Cert Prep: 5 Information Asset Protection for IS Auditors


Conducting service organization control (SOC) audits


- [Instructor] Alright, let's talk about auditing service organizations, or providers. A SOC audit, or a Service Organization Controls audit, is an audit that you have done if you're a service provider and you want to be able to attest to your customers that you've got good controls in place. Now, back in the old days, we used to have what was called a SAS-70 Audit, done by the AICPA, the American Institute of Certified Public Accountants, and it came in two flavors, a type 1 and a type 2, and it was a way that you could provide something to your customers or your partners that says, "Look, here's an audit that we had done by our accounting firm that says, you know, we know what we're doing and we're securing ourselves adequately." It was an attestation audit. Well, it was never really designed for the modern technology of today, and the clouds, and all that we have in our data centers, so it was really more of a financial thing, run by accountants. Well, that was replaced by these new SOC…
