- This event has passed.
What SOC Reports Reveal About Vendor Cyber Risk
May 27 @ 2:00 pm – 3:00 pm EDT
Organizations rely on third‑party vendors to support critical operations and data processing, yet accountability for cyber and operational risks remains with the organization. System and Organization Controls (SOC) reports are widely used in vendor oversight, but they can be misunderstood, over‑relied upon, or reviewed without sufficient context.
This CPE-eligible webinar will explore how SOC reports can inform vendor cyber risk. We’ll discuss ways to view SOC reports through a risk‑based lens, note scope gaps and meaningful exceptions, consider subservice organization exposure, and recognize when SOC reporting alone may not provide sufficient insight. In addition, learn about governance and reporting considerations that can influence how vendor risks are assessed, documented, escalated, and monitored over time, as well as how SOC reports can help inform vendor cyber risk decisions.
Learning Objectives
Upon completion of this program, participants will be able to:
- Describe how third‑party cyber risk connects to governance and enterprise risk decisions.
- Apply a risk‑based approach to vendor segmentation, due diligence, and ongoing monitoring.
- Differentiate SOC report types and identify when SOC reporting may or may not fit a vendor oversight need.
- Recognize SOC report content related to scope, exceptions, and subservice organization considerations.
CPE Information
1.00 CPE Credit(s) (pending approval)
One CPE credit (pending approval) in the Information Technology field of study may be awarded upon verification of participant attendance during live broadcast.d of study may be awarded upon verification of participant attendance, during live broadcast.
If you have concerns or would like information regarding program cancellation policies or CPE credit, contact us at [email protected].
