Third Party Risk Management Trends – SOC-1 & SOC-2 Reporting: The What, The Why, The When and The How

Loading Map....

December 13, 2018
12:00 pm - 2:00 pm

McCarthy Tétrault LLP
66 Wellington Street West, Suite 5300
Toronto, Ontario

Add to calendar


Understanding System and Organization Control reports (aka SOC-1 and SOC-2 reports) is critical when working with a service provider partner. It is not simply about asking for and receiving the report to check a box, but rather, reading, understanding and acting on the key findings in SOC reports are critical to managing service related risks, performance and supplier relationships.

In recent years, it has become increasingly important for suppliers to provide SOC reports to its customers in an effort to demonstrate a sound control environment and to build a strong reputation in the marketplace.  To reinforce this, supplier-provided SOC reports are becoming requirements in service contracts.

This session focuses on emerging trends and updates to third-party reporting and SOC standards from a legal and operational standpoint.

Lunch will be served at noon and the presentation will begin at 12:30 pm.


Baskaran Rajamani is a Risk Advisory Partner with Deloitte in Toronto specializing in assisting financial services clients in successfully managing third party and outsourcing risks, related regulatory compliance management, governance as well security and audit implications. Baskaran chaired Deloitte’s Outsourcing Service Provider round table for a number of years and has routinely interacted with service providers, user organizations and regulators in that role. Baskaran is a frequent speaker on third party and outsourcing risk and governance related topics at conferences. Baskaran has led several service audit reports (under Canadian, US and international standards, SOC-1 and SOC-2 reports) related to risk management controls at service providers for over 10 years.

Julie Calla is a Senior Manager in Deloitte’s Risk Advisory practice, with thirteen years of experience managing third party service review engagements for clients across a number of industries, with a focus in the financial services and technology sectors. Julie has in depth knowledge of the SOC-1 and SOC-2 reporting standards, having prepared various reports that comply with the American Institute of Certified Public Accountants (AICPA) and Chartered Professional Accountant (CPA) Canada standards. Julie also worked in the Deloitte Buenos Aires, Argentina offices to build the Service Auditor reporting practice in the Latin American market.

Richard Austin is a Partner at Deeth Williams wall LLP who practices corporate and commercial law with a focus on privacy and security, artificial intelligence, cloud computing, outsourcing, applications (and Apps) development and software audits.  Prior to returning to private practice, Richard was General Counsel at EDS Canada for 18 years where he headed a team of lawyers and contract professionals with responsibility for the legal aspects of EDS’ business in Canada.  Richard is a frequent speaker on technology law issues.  He is a member of the Executive Education Faculty of the Centre for Outsourcing Research and Education (CORE) and is a former Director and President of the Canadian IT Law Association.


Cost for attendance: ten dollars ($10) for members and students, twenty dollars ($20) for non-members, payable at the meeting. Receipts will be available. Cheques should be made payable to the Toronto Computer Lawyers’ Group.


The cost of membership for lawyers is fifty-five dollars ($55), and articling students and law school students may join the TCLG free of charge by indicating that they are “students” on the membership application form. Please see the online membership page for further details:


Please register before 10:00am Friday, December 7, 2018. Registrations will not be confirmed. Substitutions are permitted anytime. Registrants who do not attend and do not cancel or send a substitute may be invoiced for lunch. Please e-mail registrations or cancellations to:

When registering, please advise if you have any dietary restrictions.


Please circulate this notice to business associates, clients, colleagues or others who may be interested in attending a meeting or joining the TCLG.