Date: Thursday, December 14, 2017
Time: 2:00 pm - 3:30 pm CT
SBS Presenter: Chad Knutson
The Statement on Standards for Attestation Engagements (SSAE) No. 16 provides three Service Organization Control reporting types: SOC 1, SOC 2, and SOC 3. We will discuss the purpose of the SSAE16 and how to best leverage it. Employees responsible for vendor and third party management will gain important knowledge about properly understanding these reports to better control risk management in outsourced relationships. Members of management will obtain a clear understanding of risks to customer information and importance of SSAE16 reports. This discussion will empower management teams to make more effective decisions.
Our guidance is clear: We must understand how our customer’s data is protected when outsourced to a third party to the same extent as when we host the information ourselves. This task has proven to be a great challenge for institutions to achieve. This discussion will explore the complexities of outsourced relationships, threats against customer data, and controls used to mitigate risk. Financial institutions rely heavily on the information contained in SSAE16 reports to understand and manage risk.
What you will learn:
- Technology outsourcing trends
- Threats from outsourcing
- Retired SAS70 and why
- Purpose of new SSAE16
- Report types (SOC1, SOC2, and SOC3)
- Shortcomings in SSAE16
- Extracting value from reports
Who should attend? Information Security Officer, IT Manager, Risk Officer, Internal Auditor, Board members, or other management team members responsible for the bank’s Business Continuity Plan
Presented in partnership with GSB.
Hacker Hour webinars are a series of free webinars hosted by SBS CyberSecurity. Unlike paid webinars, Hacker Hours are aimed to meet on a monthly basis to discuss cybersecurity issues and trends in an open format. Attendees are encouraged to join the conversation and get their questions answered. SBS will also offer products and services to help financial institutions with these specific issues.