SSAE18, SOC 1, SOC 2 – What Do I Need?

All regulators say, in a similar fashion, that we must understand the security controls of a third party “to the same extent” as we understand our own internal controls. Doing so can be challenging, as some of our vendors share few details about controls. Most industries rely heavily on the new SSAE18 Audit Report and the Service Organization Control (SOC)2 reports provided by vendors. What are the differences between these different reports, and which should we be requesting? And once we obtain them, how do we understand the security controls to the “same extent” as our own?

We will explore the different types of SOC reports provided by vendors and highlight the best items that should be requested from vendors. Each of these reports serves a different purpose and will provide different value to your institution. In addition to what reports to ask for, we will explore them in detail to highlight what to look for and how to fill in the gaps to ensure your understanding security to the “same extent”.

Covered Topics

  • Vendor Management Regulatory Expectations
  • Third Party (Vendor) Management best practices
  • Fourth Party/Supply Chain Management
  • Required Documentation, including the different SOC Report types
  • Other items useful in Vendor reviews
  • Detailed Due Diligence and Contract Review questions

Who Should Attend?
Information Security Officer, IT Manager, Risk Officer, Internal Auditor, CFO, and Executives looking to understand the risk around Vendor Management.

Shane Daniel is a Vice President/Senior Information Security Consultant for SBS CyberSecurity, a premier cybersecurity consulting and audit firm dedicated to making a positive impact on the banking and financial services industry. Shane maintains his CISA, CPA, CIA, CGEIT, and CRISC certifications. He has 27 years of experience in Network Security, IT Auditing, Consulting, and ISP development.

Carl Pry is a Certified Regulatory Compliance Manager (CRCM) and Certified Risk Professional (CRP) who is a Managing Director for Treliant LLC in Washington, DC. Through his working career, as well as through his experience as a banking attorney and officer, he has provided a variety of regulatory compliance and financial performance services to financial institutions and other clients throughout the country. He has written extensively regarding consumer and commercial compliance, tax, audit, and financial institution legal issues, and is a frequent contributor to and currently serves on the Editorial Advisory Board for the ABA Bank Compliance magazine. He has spoken at scores of banking, compliance, and state bar associations, and has conducted training sessions for financial institutions across the country.

Registration Options

  • Live Plus Five (days) – $265
  • OnDemand Recording – $295
  • CD-ROM – $345
  • Live Plus Six (months) – $365
  • Premier Package – $395


Feb 09 2022


10:00 am - 12:00 pm



More Info