What SOC Reports Reveal About Vendor Cyber Risk
May 27, 2026Organizations rely on third‑party vendors to support critical operations and data processing, yet accountability for cyber and operational risks remains with the organization. System and Organization Controls (SOC) reports are widely used in vendor oversight, but they can be misunderstood, over‑relied upon, or reviewed without sufficient context.
This CPE‑eligible webinar will explore how SOC reports can inform vendor cyber risk. We’ll discuss ways to view SOC reports through a risk‑based lens, note scope gaps and meaningful exceptions, consider subservice organization exposure, and recognize when SOC reporting alone may not provide sufficient insight. In addition, learn about governance and reporting considerations that can influence how vendor risks are assessed, documented, escalated, and monitored over time, as well as how SOC reports can help inform vendor cyber risk decisions.
Learning Objectives
Upon completion of this program, participants will be able to:
- Describe how third‑party cyber risk connects to governance and enterprise risk decisions.
- Apply a risk‑based approach to vendor segmentation, due diligence, and ongoing monitoring.
- Differentiate SOC report types and identify when SOC reporting may or may not fit a vendor oversight need.
- Recognize SOC report content related to scope, exceptions, and subservice organization considerations.
CPE Information
1.00 CPE Credit(s) (pending approval)
One CPE credit (pending approval) in the Information Technology field of study may be awarded upon verification of participant attendance during live broadcast.
Who’s This For
CIOs, CISOs, CROs, CCOs, audit executives, IT directors, information security directors, procurement leaders, internal audit managers, and security and risk analysts.
Prerequisites
None
Delivery Method
Group internet-based. Each attendee must be logged in and answer the poll questions to receive CPE credit.
Refund Policy
There is no fee associated with this event.
Program Level
Basic
Recommended Field of Study
Information Technology
Advanced Preparation
None
If you have concerns or would like information regarding program cancellation policies or CPE credit, contact us at [email protected].
Forvis Mazars, LLP is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.