From the course: ISACA Certified Information Systems Auditor (CISA) Cert Prep


SOCs and SLAs

- [Instructor] In evaluating information security with third parties, we certainly want to take a look at SOC documents. And so with our SOC documents, this stands for system and organization control. These are reports that help us get that assurance in our third-party service providers. So we have three report types, SOC 1, SOC 2, and SOC 3. So SOC 1 is going to attest to an organization's financial reporting. Probably on the CISA exam, this will not be the correct answer for us 'cause we're more focused on information security, obviously very important document. But what's going to be more in our wheelhouse is going to be the SOC 2 and SOC 3. Now if you notice this, the use is the same for both SOC 2 and SOC 3. So how do we process transactions impacting security, specifically availability, integrity, confidentiality, and privacy of customer data? The CIA triad, right? So, ultimately, the difference here is that SOC 2 documents are for current customers and for auditors. SOC 3…
