News and Announcements 




Keep Informed!

The New Jersey Chapter of ISACA publishes our monthly InfoNet newsletter to make sure all members are kept current on events, notices and happennings in the New Jersey area! Don't miss a copy - follow the InfoNet link for our most current issue or click here for InfoNet archives!

Click to download our most recent issue:


 Demystifying the Confusion around Service Organization Control (SOC) Reporting and Vendor Risk Management 

February 11, 2015

Hanover Manor,  East Hanover, NJ 


Brad Routhier, Partner, Advisory Services Practice, Ernst & Young (EY)

Gary Babick, Senior Manager, Advisory Services Practice, Ernst & Young (EY)

Marc van den Dobblesteen, Manager, Advisory Services Practice Ernst & Young (EY)

 Over 50 IT Security and Control professionals attended this one-day seminar.   The morning session focused on the reporting of controls at a service organization.  Brad provided a brief overview of and differences between SOC1, SOC2 and SOC3 reporting standards.   Brad and Marc also addressed issues that the attendees experienced when a SOC report depends on a subservice organization; issues in inclusive and carved-out reports; examples of effective monitoring controls; some of the challenges, concerns or pain-points one may have experienced as it relates to relying on SOC reports; and key trends and upcoming changes in SOC reporting.

 The afternoon session focused on Vendor Risk Management – Why it matters and what to consider.  Gary covered the importance of vendor risk management, how to establish and sustain a vendor risk management program, and why an effective vendor risk management program matters.

 Feedbacks from the attendees were extremely positive.  All stated the seminar was timely and provided a better understanding, application and benefits of the SOC 1, SOC2 and SOC3 reports as well as the components and benefits of an effective vendor risk management program.