For organizations new to third-party assertion, a foundational question is whether to pick ISO 27001 or SOC 2. Both require an audit, but they produce different outcomes. ISO 27001 results in a one-page certificate, often compared to a diploma, while SOC 2 produces a multi-page report akin to a school report card. They provide very different levels of detail about an organization and its security processes.
This session will explore key considerations, including an organization’s current posture and how it relates to the scope of each standard and the marketplace’s expectations. We’ll address how budget, client expectations, industry practices, and the location of your organization and your clients all play a role in selecting a framework. Finally, we’ll discuss when ISO 27001 and SOC 2 complement each other.
Learning Objectives:
Understand whether a SOC 2 report or an ISO 27001 certification best meets your customers’ expectations around security objectives, and the PR processes implemented to attain them.
Evaluate whether the maturity, context and culture of your organization are better suited to a SOC 2 report or an ISO 27001 certification.
Understand what factors drive the marketplace’s preference for one option versus the other, and how that preference changes across markets.