Sign up if you are...

  • Trying to figure out what SOC 2 compliance is and if it's worth it

  • A business owner, leader, Board member, or in the C-Suite

  • Responsible for cybersecurity, internal controls, or getting and maintaining SOC 2 at your company

  • Just curious and want to understand the requirements of SOC 2 compliance and reporting

  • Needing to be equipped to navigate the marketplace for making fact-based decisions around SOC 2 consultancy

Course curriculum

    1. A Message from Your Instructor, Cheri:

    2. How to use this course

    3. Before we begin...

    1. Who is the AICPA and how did SOC 2 get started?

    2. What is SOC 2 versus SOC 2 for Cybersecurity?

    3. Read through an example SOC 2 report with its predefined sections and layout

    4. The Trust Service Criteria--You get to choose scope and criteria

    1. Common myths

    2. Myth #1: It's too hard to get

    3. Myth #2: I have to have a Type I first

    4. Type I is easier and quicker

    5. Myth #3: Once I get my SOC 2 report, I'm done

    6. An ongoing relationship

    7. Myth #4: I must use a consultant to get me ready for SOC 2

    8. A less direct path

    9. Myth #5: I can just download the SOC 2 requirements and do what it says

    10. Myth #6: If I ignore SOC 2, it'll go away

    11. Regulation is coming

    12. Myth #7: Protecting regulated data is my choice

    13. Put that thing in the garage

    14. Myth #8: SOC 2 can be done for the first time in days

    15. Think it through

    16. Get buff

    17. Myth #9: SOC 2 can be fully automated

    18. Automation vs. a user

    19. Automation requires attention

    1. SOC 2 grows your business

    2. SOC 2 helps you land larger clients

    3. SOC 2 is revenue-generating

    4. SOC 2 can help you safeguard your business

    5. SOC 2 can be a flaming moat

    6. SOC 2 will help you sleep at night

    7. SOC 2 is the ultimate body pillow

    1. Type I and Type II explained

    2. Type I is training wheels

    3. It's all about risk

    4. Know where the risks are

    5. Independently validated assurance

    6. SOC 2 is like having a driver's license

    1. CC1: Control Environment

    2. Don't forget your playbook

    3. CC2: Communication and Information

    4. CC3: Risk Assessment

    5. Risk assessment helps you prioritize

    6. CC4: Monitoring Activities

    7. Importance of monitoring

    8. CC5: Control Activities

    9. CC6: Logical and Physical Access Controls

    10. Logical and Physical Access demonstrated from The Mandalorian

    11. CC7: System Operations

    12. CC8: Change Management

    13. Change management protects against compromise

    14. CC9: Risk Mitigation

    15. Choose good friends

About this course

  • Free
  • 78 lessons
  • 1 hour of video content
  • SOC 2: For the Secure & Successful

    SOC 2 Compliance: It’s not just for keeping your data safeguarded, it can help you win new clients! Staying up to date with controls around cybersecurity can facilitate trust and growth with your employees, users, customers, and clients, all of which are necessary for success in the modern business world.

  • Your SOC 2 Transformation

    Utilize a risk-based approach, based on your company’s unique goals, to guide your organization into SOC 2 in a simple, streamlined fashion. With the right knowledge and planning from the top down of the organization, your SOC 2 transformation can be stress-free.

  • SOC 2: Risk Identification and Mitigation

    Break down the process of identifying what your major risks are and what your data protection plan should be under SOC 2. After all, we all want to make implementing the best policies & practices a lot easier, at the start and in the long run.

  • SOC 2 = More Clients for You

    All clients want evidence of a well-protected business, with processes in place to protect the data they share with your organization. With SOC 2, provide clients with the peace of mind they deserve. Effectively designed and operating cybersecurity controls are not just for you -- they’re for your clients too, past, present, and future.

  • Build Trust With SOC 2

    SOC 2 means proof of protection around your data - proof of protection means customers, employees, and partners can trust you, knowing your information systems are secured by working controls. Become a trustworthy partner to all your counterparties with full SOC 2 compliance.

  • SOC 2 is Essential

    A passing, independent SOC 2 audit report gives unbiased assurance to the business world that you’re doing things right. Without one, it may be impossible to give anyone confidence that you are a responsible business owner taking care of your data. SOC 2 compliance ultimately means being a good steward of the valuable information that has been entrusted to you - which is essential to any modern business.

Meet Cheri - Your SOC 2 Expert Help

Partner, vCISO Cheri Hotman

Cheri is a vCISO on a personal mission to simplify cybersecurity and SOC 2 so companies have what they need to make strategic decisions around implementing the right solutions, not too much and not too little. She sees a lot of "noise" in the marketplace around cybersecurity and SOC 2 that causes confusion, which leads to haphazard, knee-jerk decisions made without an overall strategy for building out and managing a company's cybersecurity and SOC 2 posture in a way that aligns with and supports the business objectives. Ultimately, it's all about risk and finding the most creative way to reduce it with limited resources and budget.

Cheri graduated with an MBA from the University of Texas at Dallas, and her drive toward tech and cybersecurity has only grown since then. With a corporate career, up to the Vice President level, in banking, financial services, and consulting, she has a firm grasp on the particulars of the business world. Continuing education and consultancy work have made her even more informed and effective on the topic of modern cybersecurity and SOC 2. Cheri is a CPA, meaning she can both perform SOC 2 audits and help companies prepare for them. She is a BCC (Board Certified Coach) and holds her CISSP (Certified Information Systems Security Professional), the gold standard in cybersecurity. In sum, you can count on her to know her stuff!

Take Advantage

Leverage SOC 2 knowledge and understanding from a CPA expert in SOC 2 and cybersecurity