Name: SOC 2 Bootcamp: Part 3 - Evidence Collection
Start: 2022-07-07T18:00:00Z
End: 2022-07-07T18:53:58.000Z
Location: BrightTALK
Rating: 4.17

Our goal is to simplify and automate information security management for startups and enterprises. We help customers plan and implement a security program for their organization, get them ready for industry certifications and enable them to prove compliance to their business partners.

SOC 2 is a well-defined process, but every company has to customize it to their unique business. To help you understand what this entails, we are breaking down SOC 2 from beginning to end in a four-part webinar series!

In the final part of the webinar series, we will be discussing The Audit; including completing the audit, understanding the report and how to use it

SOC 2 Bootcamp: Part 4 - ’The Audit’

SOC 2 is a well-defined process, but every company has to customize it to their unique business. To help you understand what this entails, we are breaking down SOC 2 from beginning to end in a four-part webinar series!

In part two we are discussing Policies and Controls; including the risk assessment and evaluating your vendor’s SOC 2 reports

SOC 2 Bootcamp: Part 2 - Policies and Controls

SOC 2 is a well-defined process, but every company has to customize it to their unique business. To help you understand what this entails, we are breaking down SOC 2 from beginning to end in a four-part webinar series!

For part one we are discussing Scoping and Auditor Selection: including understanding the Trust Service Categories, scoping the right category and writing the service organization’s description

SOC 2 Bootcamp: Part 1 - Scoping and Auditor Selection

While some frameworks are legally required to conduct business, like GDPR and CCPA, which cover specific jurisdictions, others are optional, like SOC 2. 

However, some companies may need you to be SOC 2 compliant. And safer data benefits everyone, especially your bottom line!

Tugboat Logic’s expert Monica McMahen will be joined by Ryan Goodbary, Partner, Risk Assurance & Advisory and Pippa Akem, Senior Manager Risk Assurance & Advisory at Armanino LLP, to share what is needed to confidently add the security standards you need to fuel your growth without duplicating your work.

Join this webinar to learn:

- How to manage multiple audits and leverage existing controls to eliminate unnecessary work
- What frameworks to consider next, implementation guidelines, and auditor recommendations
- How businesses can navigate InfoSec resource gaps and obtain compliance through automation

Beyond SOC 2: What Privacy & Security Frameworks to Consider Next

Risk Assessments are mandatory for passing your audits and protecting your business from serious threats. Not understanding the process can lead to complications and incomplete audits. Which is why risk assessments are often the number one reason Tachieving SOC 2 and ISO 27001 certification is delayed.

In this webinar, Tugboat Logic’s experts, Jitendra Juthani and Monica McMahen, will help demystify risk management and walk you through:
- What a vendor risk assessment is and which vendors need to be assessed
- Different types of risk and share tips to evaluate and mitigate IT risks
- How to conduct a risk assessment at your company

Conducting a Risk Assessment

Choosing the right technology stack for your business isn’t easy. It’s liable to give you a headache. Too often, security is treated as an afterthought, which can throw a wrench in your compliance efforts, stall big deals and impact your bottom line.

In the interest of saving you from unnecessary headaches, Blake Brannon, Chief Strategy Officer at OneTrust will be leading a discussion with Joe Sullivan, Chief Security Officer at Cloudflare, and Cailin Sullivan, Security Engineer at Appcues that will cover:

- Insights into how 100 leading startups across different industries are building their tech stacks
- The must-have tools, technologies, and integrations to help startups scale their stacks securely
- Compliance hacks and tips on how to leverage your security posture to sell upmarket

Securing the Startup Stack for a Zero Trust World

HIPAA is so hot right now. Everybody’s talking about it. And it seems like everybody’s an expert on it too. But don’t believe everything you’ve heard. Most of it is flat out wrong. For instance, vaccine passports aren’t a HIPAA violation. Nor are mask mandates. 

Companies that create, maintain or transmit protected health information (PHI) are expected to comply with the Healthcare Insurance Portability and Accountability Act (HIPAA). Unlike SOC 2 and ISO 27001, HIPAA is not optional and failing to comply can result in hefty fines.

In this webinar, Tugboat Logic’s Harpreet Shergill and Monica McMahen set the record straight with everything you need to know about HIPAA compliance: 

- What’s HIPAA compliance and how does it compare to other compliance frameworks?
- The Privacy Rule, Security Rule and Breach Notification Rule
- How to prove HIPAA compliance and the overlap with other auditable frameworks

Intro to HIPAA compliance

Let's face it—the ISO 27001 certification process can be confusing, time-consuming, and costly. Our team of auditors have over 100 years of auditing experience, so they can sympathize! But that’s why we turned their experience into a solution that simplifies and automates compliance, saving you time and money.

If you’re looking to become ISO 27001 compliant, or struggling to manage your ongoing compliance program, Tugboat Logic is here to help. From pre-written policies and the Statement of Applicability to the ISMS and the audit itself, we guide you through every step so you have a clear roadmap to certification.

If you want to accelerate your security audits with continuous compliance, join Tugboat Logic’s expert, Monica McMahen, for a deep dive into:

- How to prepare for your ISO 27001 and get audit-ready   
- A walkthrough of how Tugboat Logic guides and automates your ISO 27001 journey
- Practical advice on how to streamline complex, mandatory audit requirements

How to Ace Your ISO 27001 Audit

The gold standard of trust is a SOC 2 audit. It's the number one way your organization can prove its trustworthiness and demonstrate that you manage customer data securely. But even though a successful SOC 2 might be required to meet your client's security needs, understanding which policies and controls to comply with is time-consuming.

Acceleration is at the core of Accern. Accern is a no-code AI platform that enables financial organizations to create machine learning models in minutes, not months. They held uncover risk and investment insights from a vast amount of data. 

Join Parul Purohit, Compliance Manager at Accern and Tugboat Logic's Monica McMahen for a webinar and discover:

- Why Accern embarked on their SOC 2 compliance journey
- Advice from Accern about roadblocks, surprises, and Tugboat Logic automation benefits
- How to future proof your InfoSec program and what continuous compliance looks like
- What Accern is doing with their SOC 2 success

Accelerate Your SOC 2 Compliance

More organizations are requiring third-party security attestation from their vendors to prove they’re safe business partners. Being SOC 2 Certified is now no longer a nice-to-have but a must-have. However, one of the biggest challenges is knowing where to start and navigating the process without any surprises along the way.

In this webinar, Tugboat Logic’s experts, Monica McMahen and Jitendra Juthani, will take the mystery out of SOC 2 and walk you through:

- What is SOC 2 and why do you need it?
- Tips to demystify the Trust Services Criteria
- The process from start to finish: Scoping, Policies, Controls, Evidence, and The Audit

Introduction to SOC 2

IT risk assessments are something many young companies first come across when preparing for SOC 2 or ISO 27001. But as companies grow, risk management becomes a huge part of their security practices.

 

So, it’s important to understand what a risk assessment is early, and how to do it. 

 

In this webinar, Tugboat Logic’s Monica McMahen will discuss the IT Risk Assessment process with Kai Wong, Risk Advisory Partner at Deloitte. Together, they will help us understand:
 
 The risk assessment process from beginning to end
 How it may evolve throughout a company’s life cycle
 Best practices and tips to implement risk assessment at your company

Understanding IT Risk Management with Deloitte

Getting ISO 27001 certified is often a necessity to win more business and the more you dig into becoming compliant, the more confusing it gets. That’s why we’re doing a three-part ISO 27001 Bootcamp, breaking it all down for you.

In the final part of our ISO 27001 Bootcamp we will dive into:
| Auditor selection
| The three-year audit cycle
| The certification audit
| The surveillance audit

ISO 27001 Bootcamp Webinar Series: Part 3 - The Audit Process

Getting ISO 27001 certified is often a necessity to win more business and the more you dig into becoming compliant, the more confusing it gets. That’s why we’re doing a three-part ISO 27001 Bootcamp, breaking it all down for you.
 
In part two of ISO 27001 Bootcamp we cover:
| An overview of the Annex A Controls
| The Statement of Applicability

ISO 27001 Bootcamp Webinar Series: Part 2 - Annex A Controls

Getting ISO 27001 certified is often a necessity to win more business and the more you dig into becoming compliant, the more confusing it gets. That’s why we’re doing a three-part ISO 27001 Bootcamp, breaking it all down for you.

The first webinar covers:

| Scoping your ISO 27001
| The ISMS checklist
| The Mandatory Clauses

ISO 27001 Bootcamp Webinar Series: Part 1 - Scoping and Clauses

When it comes to choosing SOC 2 software, things can get dicey. You don't want to end up with a tool that doesn't get the job done. It'll make you look bad and delay your SOC 2 project. That's why Rob Black, Fractional CISO's founder, will be joining us to share his secrets to selecting the right SOC 2 vendor for you.


The Fractional CISO team just completed a deep dive on all the big players in the SOC 2 software space. Rob will be sharing his findings on:
- How do these platforms work to help you build your security program
- How to make the audit process easier and ultimately save time
- Best practices for interacting with your auditor

Secrets to Selecting the Right SOC 2 Vendor

ISO 27001 isn’t the world’s most exhilarating topic. But that’s not why you’re here. Chances are, your company’s thinking about getting certified and you’ll be a key stakeholder for the project. Naturally, you want to know what ISO 27001 is all about. More than that, you want to set your team up for a successful audit.

In this webinar we’ll cover:
- What ISO 27001 is
- The clauses and Annex A controls
- The three-year audit cycle and what it means to be certified

Introduction to ISO 27001

SOC 2 and ISO 27001 are two unique cybersecurity frameworks, but they do have overlap. Whether you’re trying to figure out which one to start with, or assessing the effort required to comply with an additional framework, this is the webinar for you.

We’ll dig into the two frameworks and answer your questions:

- What is SOC2? What is ISO 27001 Certification?
- When should you consider SOC2 or ISO 27001 Certification?
- How much crossover exists between the two?

Join us for an in-depth discussion with special guest Julie Calla, Partner at KPMG Canada and Paul Sammut, Cyber Security Senior Manager, KPMG Canada.

Similarities and Differences Between SOC 2 and ISO 27001

SOC 2 is a well-defined process, but every company has to customize it to their unique business. To help you understand what this entails, we are breaking down SOC 2 from beginning to end in a four-part webinar series!

In part three we will be discussing Evidence Collection, including manual and automated evidence collection for Type 1 and Type 2 and penetration testing

SOC 2 Bootcamp: Part 3 - Evidence Collection

SOC 2

Security

Audit

Compliance

SecOps

Information Security

Information Management

Infosecurity Europe

Information Governance

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Effective financial management strategies can help organizations meet their business objectives. The financial management community on BrightTALK is made up of engaged finance and accounting professionals. Find relevant webinars and roundtable discussions featuring financial planning advice from industry thought leaders and insights into optimizing financial reporting, accounting, risk management and value measurement.

Financial Regulation

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful operations insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge on which systems and processes are driving operational efficiency, maximizing value and customer success.

Operations

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

SOC 2 Bootcamp: Part 3 - Evidence Collection

Presented by

About this talk

More from this channel