System and Organization Controls (SOC) and the cloud

Leveraging SOC reporting to gain assurance over your data in the cloud

In its simplest form, cloud computing is the use of a shared resource on the internet to store, manage and process data. Cloud computing is not new technology, but with more companies moving their sensitive data to an external cloud service providers’ security infrastructure, trust between organizations and service providers is crucial. System and Organization Controls (SOC) reports can help enhance trust and provide assurance by defining the gray areas of security, availability and confidentiality of related controls reporting using the American Institute of CPAs’ (AICPA) Trust Services Criteria.

In this on-demand webinar, Baker Tilly SOC specialists discuss infrastructure as a service (IaaS), and deep-dive into key controls to be reviewed by both issuers and users of SOC reports.  

Key learning objectives

After attending this webinar, participants will be able to:

• Explain IaaS, and describe the cloud provider landscape.
• Discuss complementary subservice organization control (CSOC) and complementary user entity control (CUEC) considerations when utilizing a cloud subservice organization within a SOC report. 
• Describe challenges and commons issues found in cloud environments. 
• Recognize other cloud tools, frameworks and audit programs along with trainings to help assist in understanding the environment.

Who should watch the recording?

This webinar is intended for service organizations that have SOC examinations performed over their operations, or those considering having a SOC examination performed. Users of the SOC reports may also find the webinar helpful to understand impacts of cloud computing. 

Download the presentation

For more information on this topic, or to learn how Baker Tilly specialists can help, contact our team.