SOC 2 Bootcamp Part 2: Policies and Controls

Welcome to part two of SOC 2 Bootcamp, covering policies and controls! Quick refresher—we borrowed Bluth Company and Associates from Arrested Development. Monica works for Bluth Company and is in charge of getting their SaaS product, Banana Stand, SOC 2 compliant.

In SOC 2 Bootcamp Part 1: Scoping and Auditor Selection, the Bluth Company kicked off its SOC 2 journey. Monica has obtained internal buy-in, selected an auditor, defined Trust Service Categories, completed scoping and written their Service Organization’s Description of Controls.

This second webinar focuses on the meat of SOC 2, the policies and controls. We dive into a handful of policies required for SOC 2, what’s involved and the necessary controls to stay compliant. 

Guided by Jitendra Juthani, InfoSec risk and compliance expert at Tugboat Logic, Monica and the Bluth Company examine policies and controls and the risk assessment required for SOC 2. In addition, Jitendra discusses how to analyze a vendor’s SOC 2 report and what to do if they aren’t SOC 2
