Slide 3

SOC 2 Fundamentals

An introduction to the System and Organization Control (SOC) 2 Information Security framework.

Course Highlights

In this course, you will learn what the SOC 2 framework is about, the benefits of the certification, and the importance of compliance and information security.

Course Features

Leonardo Sot - Instructor

Leonardo Soto


Leonardo is an IT management professional focused on cybersecurity, compliance and digital transformation. His expertise includes IT project management, digital transformation, and preparing companies for information security audits, such as SOC 2, ISO 27001, and HIPPA.

Course Synopsys

Upon the successful completion of this course, each participant will possess the skills and knowledge to support any business organization in establishing an Information Security program that leads to a SOC 2 certification. 

This unique training is unlike any training offered to employees and managers in the area of information security. Successful ‘graduates’ will become coveted amongst companies for their specialized knowledge of compliance, information security, and privacy. 

Having employees with this specialized knowledge also helps companies keep information safe. This training assists in raising the level of information security in the companies they work.

Course Content

5 days • 20 hours of instructor-led clasess
8:00 AM to 12:30 PM – Instructor Led
Day 1 introduces the participants to the SOC 2 framework standard and the importance of information security. The participants will also explore the impact of SOC 2 on a business operation and how the components of SOC 2 help protect information assets.Learning outcomes
  • Understanding what is SOC 2
  • The benefits of SOC 2 for any organization
  • The main components of SOC 2
Unit 01 – What is SOC 2, and why does it matter?
  • The SOC 2 Standard definition
  • The role of the American Institute of Certified Public Accountants (AICPA)
  • The goal of SOC 2 Audits
Unit 02 – Why is SOC 2 important for your business?
  • Compliance considerations
  • Information security considerations
  • Business considerations
Unit 03 – What Are the Components of SOC 2?
  • Policies
  • Controls
  • Evidence
Activities and Exercises
2:00 PM to 4:00 PMIndependent work
  • Describe the impact a SOC 2 certification can have on your business
  • List the information security policies your company currently has

8:00 AM to 12:30 PM – Instructor Led
On Day 2, the participants will understand the difference between SOC 2 Type 1 and SOC 2 Type 2 audits. We will define the four Trust Service Criteria (TSC) and how SOC 2 addresses trust for different products and services. By understanding the TSCs, the participants can scope a SOC 2 project according to the company’s needs.

Learning outcomes

  • Difference between the two types of SOC 2 audits
  • What are the four Trust Service Criteria
  • Scoping a SOC 2 project
Unit 04 – SOC 2 Type 1 Versus Type 2
  • SOC 2 Type 1 definition
  • SOC 2 Type 2 definition
Unit 05 – Trust Service Criteria (TSC)
  • Availability
  • Processing integrity
  • Confidentiality
  • Privacy
Unit 06 – Scoping your SOC 2 Project
  • Define your landscape
  • Define your controls
Activities and Exercises
1:00 PM to 4:00 PMIndependent work
  • Discuss which SOC 2 Type is more appropriate for your company
  • Make a list of the types of personal information your company collects
  • Which Trust Service Criteria should be included in your audit?



8:00 AM to 12:30 PM – Instructor Led
On Day 3, the participants will learn to identify risks that could expose information assets. They will also learn the different threat vectors and vulnerabilities, such as vendors’ supply chains. We will discuss mitigating, accepting, transferring, or avoiding risks. Finally, we will see how robust policies and controls are essential to the information security program. We will see how evidence is collected for a SOC 2 audit.

Learning outcomes

  • Risk identification, classification, and prioritization
  • Responding to risks
  • Creating information security policies
  • Understanding the SOC 2 controls
  • How to collect evidence
Unit 07 – The SOC 2 Risk Assessment
  • SOC 2 Risk Assessments must have clearly defined objectives
  • Identifying and assessing risks against the organization’s objectives
  • Identifying and evaluating the criticality of information assets
  • Threats and vulnerabilities from vendors and other parties
  • Responding to risks: Mitigate, Accept, Transfer, Avoid
Unit 08 – Creating SOC 2 Policies, Controls and Evidence Tasks
  • Writing and updating your policies
  • Designing and implementing controls
  • Evidence collection
  • SOC 2 Type 1 and Type 2 evidence collection
Activities and Exercises
1:00 PM to 4:00 PMIndependent work
  • Find examples of Information Security policies
  • List some of the controls that are important to your company.



8:00 AM to 12:30 PM – Instructor Led
On Day 4, we will discuss the cost of a SOC 2 audit and how the cost is distributed in the project’s three phases. The participants will also learn about the auditor’s role and how to select one. We will also explore cost savings tools, such as automated evidence collection.

Learning outcomes

  • Understand SOC 2 costs involved
  • How long does it take to complete a SOC 2 audit
  • The role of an auditor
Unit 09 – SOC 2 Costs Explained
  • Phase 1: SOC 2 Risk Assessment cost
  • Phase 2: SOC 2 Audit Readiness cost
  • Phase 3: The SOC 2 Audit cost
Unit 10 – How Long Does SOC 2 Take?
  • Without automation
  • With automation
Unit 11 – How to Select the Right Auditor
  • Criteria for Choosing an Auditor
Activities and Exercises
1:00 PM to 4:00 PMIndependent work
  • Interview your account to determine if they can be a SOC 2 auditor
  • Prepare a rough budget for a SOC 2 certification program
9:00 AM to 12:00 PM – Instructor Led
On Day 5, the participants will learn about the Readiness Assessment as the first step in preparing for a SOC 2 audit. They will also know the difference between preparing for a SOC 1 versus a SOC 2 audit. We will review a SOC 2 Report and learn how to read and interpret the report’s five sections.Learning outcomes
  • How to prepare for a SOC 2 audit
  • Interpreting the SOC 2 Report
Unit 12 – Your SOC 2 Audit: What to Expect
  • The Readiness Assessment
  • Preparing for a SOC 2 Type 1 Versus a SOC 2 Type 2 Audit
Unit 13 – What Happens After I Get My SOC 2 Report?
  • Understanding the SOC 2 Report
Activities and Exercises
1:00 PM to 4:00 PMIndependent work
  • Read and be prepared to comment Section 1 of the sample report supplied

Students are also Interested in:

The whole team felt a lot of pride going through the SOC 2 training. It gave us a sense of accomplishment. As a business, we felt ready to tackle a difficult and confusing subject. SotoNets training made it easy.
COO Fable

Ready To Grow Your Business?

Do you have a digital transformation strategy? We are here to help transform your business into an efficient workplace without the constraints of office space. We empower your employees to work from anywhere with the right tools to get the job done.