February 11, 2015
Hanover Manor, East Hanover, NJ
Brad Routhier, Partner, Advisory Services Practice, Ernst & Young (EY)
Gary Babick, Senior Manager, Advisory Services Practice, Ernst & Young (EY)
Marc van den Dobblesteen, Manager, Advisory Services Practice, Ernst & Young (EY)
Over 50 IT Security and Control professionals attended this one-day seminar. The morning session focused on the reporting of controls at a service organization. Brad provided a brief overview of the SOC1, SOC2 and SOC3 reporting standards and the differences between them. Brad and Marc also addressed issues that attendees had experienced when a SOC report depends on a subservice organization; issues in inclusive and carved-out reports; examples of effective monitoring controls; some of the challenges, concerns or pain points one may have experienced in relying on SOC reports; and key trends and upcoming changes in SOC reporting.
The afternoon session focused on Vendor Risk Management – Why it matters and what to consider. Gary covered the importance of vendor risk management, how to establish and sustain a vendor risk management program, and why an effective vendor risk management program matters.
Feedback from the attendees was extremely positive. All stated that the seminar was timely and provided a better understanding of the SOC1, SOC2 and SOC3 reports, their application and benefits, as well as the components and benefits of an effective vendor risk management program.