
Episode Summary

As we shift gears, Vance walks us through what SOC 2 compliance offers in the name of organization-wide security. He explains the comprehensive scope of SOC 2, covering both software and hardware aspects, and elaborates on the levels of compliance, focusing in particular on Type 1 and Type 2 audits.

Boasting over 20 years of technical leadership across esteemed organizations like Simplifyy, DSI, and Service Management Group, Vance brings a wealth of experience and a robust understanding of servant leadership. He has long studied the core concepts of SOC 2 compliance, implementing them in organizations with and without prior experience of its intricacies.

#LetsTalkTech #OSCXO #ServantLeadership #LeadershipDevelopment #TechLeaders

Resources

https://soc2.co.uk/ - Dive even deeper into SOC 2 compliance and its benefits!

Episode Chapters

  1. Episode Introduction (00:00:00 - 00:00:50)

  2. What is SOC 2 Compliance (00:00:50 - 00:02:19)

    1. Vance explains that SOC 2 is not a certification but an attestation, detailing the role of auditors and the importance of a standard list of controls and trust services criteria.

  3. The Scope and Levels of SOC 2 Compliance (00:02:19 - 00:03:43)

    1. Discussion on whether SOC 2 is software-based or broader. Vance clarifies it encompasses the entire security posture and elaborates on the different levels of SOC 2 compliance, highlighting Type 1 and Type 2.

  4. The SOC 2 Audit Process and Role of Software Tools (00:03:43 - 00:04:31)

    1. Vance discusses the audit process over time, the significance of onboarding policies, and the evolution of tools used in SOC 2 compliance processes.

  5. The Cross-Functional Nature of SOC 2 Compliance (00:04:31 - 00:05:23)

    1. A conversation on who is responsible for writing SOC 2 documentation and the cross-functional aspects of SOC 2 compliance, emphasizing the roles of different departments, including HR.

  6. When and Why Should You Pursue SOC Compliance (00:05:23 - 00:07:00)

    1. Vance explains why organizations opt for SOC 2 compliance, its role in client interactions, and its international relevance, comparing it with ISO 27001 and GDPR.

  7. Training and Security Measures in SOC 2 Compliance (00:07:00 - 00:14:40)

    1. Rob and Vance discuss the application of SOC 2 in various business scenarios and the importance of training and ongoing security measures, including simulated phishing and other interactive training tools.

  8. Implementing SOC 2 in Organizations (00:14:40 - 00:16:31)

    1. Vance shares his experiences bringing SOC 2 compliance into organizations, the requirement of training, and the broader implications of these security measures.

  9. The Importance of Policies and Documentation (00:16:31 - 00:19:44)

    1. Discussion on the critical role of policies and documentation in SOC 2 compliance, the use of tools for monitoring, and the process of certification.

  10. The Role of Independent Auditors and Final Thoughts (00:19:44 - 00:24:01)

    1. The conversation concludes with insights into the role of independent auditors in SOC 2 compliance, the issuance of documentation, and the benefits this compliance offers to organizations in terms of security and credibility.