Customer Webinar Recording: SOC 2, Type 1 vs Type 2 - Finding the Perfect Fit
If you’ve started your SOC 2 journey, you might be wondering whether to pursue a Type 1 or Type 2 report. It’s an important decision to make. After all, it could mean the difference between winning or losing your next big deal.
Jitendra Juthani, a member of the Tugboat Logic Labs team with over 20 years of audit experience at PwC, EY and Deloitte, breaks down SOC 2 and both report types to help you make the best possible decision for your organization.
GoToWebinar Link: View the recording here!
00:00 - 03:00 Introductions
03:10 - 09:40 The difference between SOC1, SOC2, and SOC3
10:00 - 11:10 Overview of Type 1 vs Type 2
11:10 - 14:00 The pros and cons of SOC1 and SOC2
14:05 - 21:00 Breaking down the steps/process of Type 1 and Type 2
21:10 - 25:00 Identifying changes from transitioning from Type 1 to Type 2
25:49 - 27:00 Common Scenario: a Startup company has a huge sale that is ending and they need a SOC2 audit ASAP. What is the best way to manage the sale in addition to the multipart process?
27:30 - 35:45 Overview and Identifying what is in the Audit Report
37:00 - 46:00 Tugboat Logic product demo
Questions & Answers:
46:10 - 47:27 Is there a given list of controls in all 5 domains that one can choose from?
47:55 - 49:00 Who validates end-user control considerations?
49:10 - 50:10 Does Tugboat Logic help with writing the Service Organization description for section 3 of the Audit Report?
50:25 - 53:25 Can you expand upon SOC2 type 1 scope and its definition when reviewing the vendor's report?
53:45 - 56:12 Can we go over the statement "Deciding on SOC1 vs SOC2 may depend on the financial implications that the product has on the end business"?
56:30 - 58:30 Where are sub-service organizations covered if the service provider is hosted on a public cloud?