S1 - Episode 006 – Surviving Your First Regulatory Audit

Cyber Distortion Podcast Series

Apr 14 2022 • 42 mins

In this episode, Jason & Kevin join special guest Stacie Grimm, Principal at UHY. UHY is one of the Midwest’s leading CPA, business advisory and M&A firms. They deliver a broad range of tax, accounting, consulting and investment banking capabilities to serve businesses as well as individuals.
Stacie brings 15 years of experience as a seasoned auditor to the conversation in this episode.

In this episode we hit Stacie with questions about the differences among company assessments, reports, audits, certifications and frameworks! We talk about internal versus external audits, and we land on anything and everything SOC (System and Organization Controls) and the SOC Suite of Services, Stacie’s specialty!

We learn how SOC is nothing more than a framework through which organizations can communicate relevant, useful information about the effectiveness of their cybersecurity risk management program, and through which CPAs can report on that information to meet the cybersecurity information needs of a broad range of stakeholders. By the end of the episode, you’ll know all about the differences between SOC 1, SOC 2 (Type 1 and Type 2), and SOC 3 reports. NOT audits, reports! =)

Jason Popillion is a CISSP and serves as a CIO/CTO of a SaaS company and Kevin Pentecost is a CISSP, CISM, CEH, CPT, MCSE, CCA, ITIL-F and serves as an Information Security Director for a manufacturing company.