WEBINAR: SOC 2 COMPLIANCE & CERTIFICATION
YOUR IT COMPLIANCE PARTNER – GO BEYOND THE CHECKLIST
Download SOC 2 Compliance Checklist
SOC 2 Compliance Blog
Schedule SOC 2 Compliance Project Plan
Agenda
1. ControlCase Introduction
2. What does SOC stand for?
3. What is SOC 2 Compliance?
4. What is SOC 2 Certification?
5. What is a SOC 2 Report?
6. Who can perform a SOC 2 Audit?
7. How do Managed Service Providers Comply with SOC 2?
8. How to lower cost of SOC 2 Audit?
9. ControlCase Methodology for SOC 2 Compliance
10. Why ControlCase?
© 2021 ControlCase. All Rights Reserved. 2
1. CONTROLCASE INTRODUCTION
ControlCase Snapshot

CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor’s checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance.
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Improve efficiencies
  ⁃ Do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner

1,000+ CLIENTS | 10,000+ IT SECURITY CERTIFICATIONS | 275+ SECURITY EXPERTS
Certification and Continuous Compliance Services
“I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.”
— Security and Compliance Manager, Data Center
Certification Services
One Audit™
Assess Once. Comply to Many.
“You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.”
— Sr. Director, Information Risk & Compliance, Large Merchant
Covered standards: PCI DSS; ISO 27001 & 27002; SOC 1, 2, 3 & SOC for Cybersecurity; HITRUST CSF; HIPAA; CCPA; GDPR; NIST 800-53; PCI PIN; PCI PA-DSS; FedRAMP; PCI 3DS
2. WHAT DOES SOC STAND FOR?
What does SOC stand for?
System and Organization Controls (SOC)
SOC represents a set of compliance standards developed by the American Institute of CPAs (AICPA) – a network of over 400,000 CPA professionals across the globe.
SOC audits aim to examine the policies, procedures, and internal controls of an organization.
There are 3 SOC audits & reports:
• SOC 1
• SOC 2
• SOC 3
What are the 3 types of SOC Reports?

SOC 1 (Financial Controls)
• Reports on the processes and controls that influence the organization’s internal control over financial reporting (ICFR).
• This is because the choices a company makes as a service organization may affect the financial reporting of its users’ organizations.
• Standard assessment report required by user entities to comply with the Sarbanes-Oxley Act (SOX).

SOC 2 (Process/IT Controls)
• Designed for service organizations.
• Reports on non-financial controls.
• Focuses on five key trust services criteria (formerly called trust services principles), or TSCs.
• SOC 2 outlines the standards that are necessary to keep sensitive data private and secure while it’s in transit or at rest.

SOC 3 (Publicly Shareable)
• SOC 3 is similar to SOC 2 in terms of the criteria.
• The main difference is in the reporting: SOC 2 is tailored for sharing with specific organizations, whereas SOC 3 reports are more applicable for general audiences and therefore made publicly available.
When are the Reports applicable?

Type 1
• The service organization has not been in operation for a sufficient length of time to enable the service auditor to gather sufficient appropriate evidence regarding the operating effectiveness of controls, hence it is “point in time”.
• The service organization has recently made significant changes to its system and related controls and does not have a sufficient history with a stable system to enable a Type 2 engagement to be performed.

Type 2
• The service organization has had a long-running stable system capable of demonstrating the effectiveness of the design of controls over a defined period of time retrospectively, normally no less than 6 months and not longer than 12 months.
3. WHAT IS SOC 2 COMPLIANCE?
What is SOC 2 Compliance?
SOC 2 focuses on non-financial reporting of internal controls and systems.
SOC 2 aims to protect the confidentiality and privacy of data that’s stored in cloud environments.
SOC 2 compliance helps service providers show that the security, privacy, confidentiality and integrity of their customers’ data is a priority.
Who does SOC 2 Compliance apply to?
SOC 2 applies to any organization that wants to effectively demonstrate to associated organizations the controls associated with its selected Trust Service Criteria as part of third-party relationships.
• Any organization that stores its customer data in the cloud.
• Third-party service providers such as cloud storage, web hosting, and software-as-a-service (SaaS) companies.
What are the SOC 2 Trust Service Criteria?
SOC 2 defines criteria for managing customer data based on 5 “Trust Service Criteria” (TSCs):
1. Security
2. Availability
3. Confidentiality
4. Processing Integrity
5. Privacy
Security
Included in all SOC audits.
Focuses on Common Criteria related to protecting data and systems.
Aims to ensure information and systems are protected against unauthorized access, disclosure and damage.
Examples of what is included in the Security TSC
• Penetration tests and vulnerability assessments
• Application security measures
• Firewalls
• Intrusion detection systems (IDS)
• Multi-factor authentication tools
• Access control
• Application and network security measures
• Computer use policies
Availability
Addresses accessibility (uptime).
Assesses the data that customers receive and how readily available it is.
Reviews accessibility for operations, monitoring, and maintenance.
Examples of what is included in the Availability TSC
• Performance and incident monitoring and response
• Disaster response and recovery
• Replication and redundancy
• Secure data backups
Confidentiality
Ensures “confidential” data remains protected and secure.
Encourages encryption for in-transit data security.
Encourages client certificates and personal authentication certificates.
Examples of what is addressed in the Confidentiality TSC
• Digital access controls
• Physical access controls
• Network and application firewalls
• Cryptographic solutions
Processing Integrity
Ensures systems are processing the data as authorized.
Ensures the accuracy, completeness, validity and timeliness of the data.
Assesses that systems are achieving the goals and purposes that they were designed to achieve.
Examples of what is included in the Processing Integrity TSC
• Quality assurance
• Process monitoring systems
Privacy
Reviews the onus of responsibility for the privacy requirements of personal data (PII).
PII includes name, social security numbers, contact information, address, etc.
Requires organizations to demonstrate that they protect and handle personal information securely.
Addresses how data is collected, used, disclosed, retained and disposed of.
Examples of what is addressed in the Privacy TSC
• Notice and communication of objectives
• Choice and consent
• Collection
• Use, retention, and disposal
• Access
• Disclosure and notification
• Quality
• Monitoring and enforcement
SOC 2 +
SOC 2 allows for additional subject matter assessments, saving organizations time and cost:
• SOC 2 + GDPR
• SOC 2 + CCPA
• SOC 2 + GDPR and CCPA
Provides synergy of overlapping controls across multiple regulations.
4. WHAT IS SOC 2 CERTIFICATION?
What is a SOC 2 Attestation?
SOC is not a certification; it is an attestation, which is a type of audit report that attests to the trustworthiness of services provided by a service organization by a trusted source – a CPA, governed by the Code of Conduct of the AICPA.
5. WHAT IS A SOC 2 REPORT?
What is a SOC 2 Report?
There are 2 types of SOC 2 reports:

SOC 2 Type 1
Outlines management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls.
This report evaluates the controls at a specific point in time.

SOC 2 Type 2
Focuses not just on the description and design of the controls, but also on actually evaluating operational effectiveness.
The report evaluates controls over an extended period retrospectively to ensure the effectiveness of the controls (normally no less than 6 months and no more than 12).
6. WHAT IS THE PROCESS TO GET SOC 2 TYPE 2 ATTESTED?
ControlCase SOC Attestation Methodology
The methodology has 10 stages, ending in attestation: Consolidated Pre-Certification Assessment; Strategy Call; Skycam Setup; Scoping; Submission to CPA Audit Firm; Criteria Checklist Review; Quality Assurance; Requirements; Report Release; Compliance; Attestation.
Collect once & use for multiple regulations: manual evidence collection and automated evidence collection.
7. HOW DO MANAGED SERVICE PROVIDERS COMPLY WITH SOC 2?
How do MSPs comply with SOC 2?
MSPs are generally required to comply with either SOC 1 or SOC 2 examinations depending on the services they render or the scope of the services.
MSPs that handle, process, transmit or store financial data should have a SOC 1 performed.
MSPs enable their clients to inherit controls based on the relationship; for example, a data center provider’s clients will automatically inherit controls that address physical and environmental security of the infrastructure.
MSPs that offer broader services than just financial should have a SOC 2 performed based on the TSCs required.
8. HOW TO LOWER COST OF A SOC AUDIT?
How to lower cost of a SOC 2 Audit?
• Partner with existing SOC 2 Type 2 attested MSPs.
• Identify the most appropriate TSCs that are relevant to your business.
• Scope reduction – architect the network to reduce scope.
10. WHY CONTROLCASE?
One Audit™
Assess Once. Comply to Many.
Covered standards: GDPR; CCPA; SOC 1, 2, 3 & SOC for Cybersecurity; ISO 27001 & 27002; HIPAA; FedRAMP; NIST CSF; PCI PIN; PCI PA-DSS; CSA STAR; Microsoft SSPA; PCI DSS
Automation
1. ACE
• Automated Compliance Engine
• Collect evidence such as configurations remotely
2. CDD
• Data Discovery Solution
• Scan end user workstations for PII
3. VAPT
• Vulnerability Assessment and Penetration Testing
• Perform remote vulnerability scans and penetration tests
4. LOGS
• Log Analysis and Alerting
• Review log settings and identify missing logs remotely
Continuous Compliance Services
ControlCase addresses common non-compliant situations that may leave you vulnerable:
• In-scope assets not reporting logs
• In-scope assets missed from vulnerability scans
• Critical, overlooked vulnerabilities due to volume
• Risky firewall rule sets go undetected
• Non-compliant user access scenarios not flagged

FEATURE | Package 1 - With Cybersecurity Services* | Package 2 - Without Cybersecurity Services*
Quarterly Review of 15 to 25 Compliance Questions | ✓ | ✓
Quarterly Review of Scope | ✓ | ✓
Collecting & Analyzing Data through connectors from client systems | — | ✓
Vulnerability Assessment | ✓ | —
Penetration Testing | ✓ | —
Sensitive Data Discovery | ✓ | —
Firewall Ruleset Review | ✓ | —
Security Awareness Training | ✓ | —
Logging & Automated Alerting | ✓ | —
* Hybrid package can be selected.
Summary – Why ControlCase
“They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.”
— Dir. of Compliance, SaaS company
FREE 1 Hour Working Session - SOC Project Plan Development
SOC Project Plan Development
ControlCase will assist you in building your SOC project plan. The plan will cover:
- Address organizational buy-in
- Assist in identification of key personnel and their roles
- Parameterize scope
- Define observation period
- Policy and procedure checklist
- Selection of applicable Trust Service Criteria
Email Amy Poblete to schedule your free working session - apoblete@controlcase.com
Email Amy Poblete now to secure your spot!
THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM.
www.controlcase.com
contact@controlcase.com

08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Último (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

SOC 2 Compliance and Certification

  • 6. Certification Services. One Audit™: Assess Once. Comply to Many. Standards covered: PCI DSS; ISO 27001 & 27002; SOC 1, 2, 3 & SOC for Cybersecurity; HITRUST CSF; HIPAA; CCPA; GDPR; NIST 800-53; PCI PIN; PCI PA-DSS; FedRAMP; PCI 3DS. “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” — Sr. Director, Information Risk & Compliance, Large Merchant
  • 7. WHAT DOES SOC STAND FOR? (agenda item 2)
  • 8. What does SOC stand for? System and Organization Controls (SOC). SOC represents a set of compliance standards developed by the American Institute of CPAs (AICPA), a network of over 400,000 CPA professionals across the globe. SOC audits aim to examine the policies, procedures, and internal controls of an organization. There are 3 SOC audits & reports:
    - SOC 1
    - SOC 2
    - SOC 3
  • 9. What are the 3 types of SOC Reports?
    - SOC 1 (Financial Controls): Reports on the processes and controls that influence the organization’s internal control over financial reporting (ICFR). This is because the choices a company makes as a service organization may affect the financial reporting of its users’ organizations. It is the standard assessment report required by user entities to comply with the Sarbanes-Oxley Act (SOX).
    - SOC 2 (Process/IT Controls): Designed for service organizations. Reports on non-financial controls. Focuses on five key trust services criteria (formerly called trust services principles), or TSCs. SOC 2 outlines the standards that are necessary to keep sensitive data private and secure while it’s in transit or at rest.
    - SOC 3 (Publicly Shareable): SOC 3 is similar to SOC 2 in terms of the criteria. The main difference is in the reporting: SOC 2 is tailored for sharing with specific organizations, whereas SOC 3 reports are more applicable for general audiences and are therefore made publicly available.
  • 10. When are the Reports applicable?
    - Type 1: The service organization has not been in operation for a sufficient length of time to enable the service auditor to gather sufficient appropriate evidence regarding the operating effectiveness of controls, hence it is “point in time”. Or the service organization has recently made significant changes to its system and related controls and does not have a sufficient history with a stable system to enable a Type 2 engagement to be performed.
    - Type 2: The service organization has had a long-running stable system capable of demonstrating the effectiveness of its controls over a defined period of time retrospectively, normally no less than 6 months and not longer than 12 months.
  • 11. WHAT IS SOC 2 COMPLIANCE? (agenda item 3)
  • 12. What is SOC 2 Compliance? SOC 2 focuses on non-financial reporting of internal controls and systems. SOC 2 aims to protect the confidentiality and privacy of data that’s stored in cloud environments. SOC 2 compliance helps service providers show that the security, privacy, confidentiality and integrity of their customers’ data is a priority.
  • 13. Who does SOC 2 Compliance apply to? SOC 2 applies to any organization wanting to effectively demonstrate to associated organizations the controls associated with the selected Trust Service Criteria as part of third-party relationships:
    - Any organization that stores its customer data in the cloud.
    - Third-party service providers such as cloud storage, web hosting, and software-as-a-service (SaaS) companies.
  • 14. What are the SOC 2 Trust Service Criteria? SOC 2 defines criteria for managing customer data based on 5 “Trust Service Criteria” (TSCs): 1. Security; 2. Availability; 3. Confidentiality; 4. Processing Integrity; 5. Privacy.
  • 15. Security. Included in all SOC audits. Focuses on Common Criteria related to protecting data and systems. Aims to ensure information and systems are protected against unauthorized access, disclosure and damage.
  • 16. Examples of what is included in the Security TSC: penetration tests and vulnerability assessments; application security measures; firewalls; intrusion detection systems (IDS); multi-factor authentication tools; access control; application and network security measures; computer use policies.
  • 17. Availability. Addresses accessibility (uptime). Assesses the data that customers receive and how readily available it is. Reviews accessibility for operations, monitoring, and maintenance.
  • 18. Examples of what is included in the Availability TSC: performance and incident monitoring and response; disaster response and recovery; replication and redundancy; secure data backups.
  • 19. Confidentiality. Ensures “confidential” data remains protected and secure. Encourages encryption for in-transit data security. Encourages client certificates and personal authentication certificates.
  • 20. Examples of what is addressed in the Confidentiality TSC: digital access controls; physical access controls; network and application firewalls; cryptographic solutions.
  • 21. Processing Integrity. Ensures systems are processing the data as authorized. Ensures the accuracy, completeness, validity and timeliness of the data. Assesses that systems are achieving the goals and purposes that they were designed to achieve.
  • 22. Examples of what is included in the Processing Integrity TSC: quality assurance; process monitoring systems.
  • 23. Privacy. Reviews the onus of responsibility on the privacy requirements of Personal Data (PII). PII includes name, social security numbers, contact information, address, etc. Requires organizations to demonstrate that they protect and handle personal information securely. Addresses how data is collected, used, disclosed, retained and disposed of.
  • 24. Examples of what is addressed in the Privacy TSC: notice and communication of objectives; choice and consent; collection; use, retention, and disposal; access; disclosure and notification; quality; monitoring and enforcement.
  • 25. SOC 2+. SOC 2 allows for additional subject matter assessments, saving organizations time and cost: SOC 2 + GDPR; SOC 2 + CCPA; SOC 2 + GDPR and CCPA. Provides synergy of overlapping controls across multiple regulations.
  • 26. WHAT IS SOC 2 CERTIFICATION? (agenda item 4)
  • 27. What is a SOC 2 Attestation? SOC is not a certification; it is an attestation, which is a type of audit report that attests to the trustworthiness of services provided by a service organization, issued by a trusted source: a CPA, governed by the Code of Conduct of the AICPA.
  • 28. WHAT IS A SOC 2 REPORT? (agenda item 5)
  • 29. What is a SOC 2 Report? There are 2 types of SOC 2 reports:
    - SOC 2 Type 1: Outlines management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls. This report evaluates the controls at a specific point in time.
    - SOC 2 Type 2: Focuses not just on the description and design of the controls, but also on actually evaluating operational effectiveness. The report evaluates controls over an extended period retrospectively to ensure the effectiveness of the controls (normally no less than 6 months and no more than 12).
  • 30. WHAT IS THE PROCESS TO GET SOC 2 TYPE 2 ATTESTED? (agenda item 6)
  • 31. ControlCase SOC Attestation Methodology. A 10-stage process built around collecting evidence once and using it for multiple regulations. The stages: strategy call; SkyCAM setup; scoping; consolidated pre-certification assessment; criteria checklist review; manual evidence collection and automated evidence collection; submission to the CPA audit firm; quality assurance requirements; report release; compliance attestation.
  • 32. HOW DO MANAGED SERVICE PROVIDERS COMPLY WITH SOC 2? (agenda item 7)
  • 33. How do MSPs comply with SOC 2? MSPs are generally required to comply with either SOC 1 or SOC 2 examinations depending on the services they render or the scope of the services. MSPs that handle, process, transmit or store financial data should have a SOC 1 performed. MSPs that offer broader services than just financial ones should have a SOC 2 performed based on the TSCs required. MSPs enable their clients to inherit controls based on the relationship; for example, a data center provider’s clients will automatically inherit controls that address physical and environmental security of the infrastructure.
  • 34. HOW TO LOWER THE COST OF A SOC AUDIT? (agenda item 8)
  • 35. How to lower the cost of a SOC 2 Audit?
    - Partner with existing SOC 2 Type 2 attested MSPs.
    - Identify the most appropriate TSCs that are relevant to your business.
    - Scope reduction: architect the network to reduce scope.
  • 36. WHY CONTROLCASE? (agenda item 10)
  • 37. One Audit™: Assess Once. Comply to Many. PCI DSS; GDPR; CCPA; SOC 1, 2, 3 & SOC for Cybersecurity; ISO 27001 & 27002; HIPAA; FedRAMP; NIST CSF; PCI PIN; PCI PA-DSS; CSA STAR; Microsoft SSPA.
  • 38. Automation:
    1. ACE (Automated Compliance Engine): collect evidence such as configurations remotely.
    2. CDD (Data Discovery Solution): scan end user workstations for PII.
    3. VAPT (Vulnerability Assessment and Penetration Testing): perform remote vulnerability scans and penetration tests.
    4. LOGS (Log Analysis and Alerting): review log settings and identify missing logs remotely.
  • 39. Continuous Compliance Services. ControlCase addresses common non-compliant situations that may leave you vulnerable:
    - In-scope assets not reporting logs
    - In-scope assets missed from vulnerability scans
    - Critical, overlooked vulnerabilities due to volume
    - Risky firewall rule sets go undetected
    - Non-compliant user access scenarios not flagged
    Features by package (Package 1: with cybersecurity services*; Package 2: without cybersecurity services*):
    - Quarterly review of 15 to 25 compliance questions: Package 1 ✓, Package 2 ✓
    - Quarterly review of scope: Package 1 ✓, Package 2 ✓
    - Collecting & analyzing data through connectors from client systems: Package 1 —, Package 2 ✓
    - Vulnerability assessment: Package 1 ✓, Package 2 —
    - Penetration testing: Package 1 ✓, Package 2 —
    - Sensitive data discovery: Package 1 ✓, Package 2 —
    - Firewall ruleset review: Package 1 ✓, Package 2 —
    - Security awareness training: Package 1 ✓, Package 2 —
    - Logging & automated alerting: Package 1 ✓, Package 2 —
    * Hybrid package can be selected.
  • 40. Summary: Why ControlCase. “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provides a lot of value to us.” — Dir. of Compliance, SaaS company
  • 41. FREE 1 Hour Working Session - SOC Project Plan Development. ControlCase will assist you in building your SOC project plan. The plan will cover:
    - Address organizational buy-in
    - Assist in identification of key personnel and their roles
    - Parameterize scope
    - Define observation period
    - Policy and procedure checklist
    - Selection of applicable Trust Service Criteria
    Email Amy Poblete to schedule your free working session: apoblete@controlcase.com. Email Amy Poblete now to secure your spot!
  • 42. THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM. www.controlcase.com, contact@controlcase.com. Links: Download SOC 2 Compliance Checklist; SOC 2 Compliance Blog; Schedule SOC 2 Compliance Project Plan.
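Slides 38 and 39 above describe log-gap identification and the five non-compliant situations a continuous-compliance service is meant to catch (in-scope assets not reporting logs, assets missed by vulnerability scans, overlooked critical findings, risky firewall rules, and unflagged user-access problems). The script below is an added example of how those checks can be expressed as evidence reconciliation; it is not ControlCase's tooling (ACE, LOGS, SkyCAM) or any code from the deck. The asset inventory, SIEM log-source roster, scan results, firewall rules and account list are all constructed sample data, and the thresholds (one day of log silence, a 30-day window for critical findings) are assumptions chosen for illustration.

```python
"""Continuous-compliance coverage checks over constructed sample evidence.
Reconciles an in-scope asset inventory against log-source, vulnerability-scan,
firewall and user-access evidence. All data here is constructed for illustration.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2021, 6, 30, tzinfo=timezone.utc)  # fixed clock for reproducible results

# Constructed asset inventory; only in-scope assets are subject to the checks.
INVENTORY = [
    {"host": "web-01", "in_scope": True},
    {"host": "web-02", "in_scope": True},
    {"host": "db-01", "in_scope": True},
    {"host": "jump-01", "in_scope": True},
    {"host": "lab-07", "in_scope": False},
]
# Constructed SIEM log-source roster: host -> timestamp of the last event received.
LOG_SOURCES = {
    "web-01": NOW - timedelta(hours=1),
    "db-01": NOW - timedelta(days=4),  # silent for days: a reporting gap
    "lab-07": NOW - timedelta(hours=2),
}
# Constructed scan results: host -> open findings. db-01 is absent (never scanned).
SCAN_RESULTS = {
    "web-01": [{"id": "VULN-0001", "severity": "critical", "first_seen": NOW - timedelta(days=45)},
               {"id": "VULN-0002", "severity": "low", "first_seen": NOW - timedelta(days=2)}],
    "web-02": [],
    "jump-01": [{"id": "VULN-0003", "severity": "critical", "first_seen": NOW - timedelta(days=5)}],
}
# Constructed firewall rule set (rule 20 is a catch-all permit).
FIREWALL_RULES = [
    {"id": 10, "src": "10.0.1.0/24", "dst": "db-01", "service": "tcp/5432", "action": "allow"},
    {"id": 20, "src": "any", "dst": "any", "service": "any", "action": "allow"},
    {"id": 30, "src": "any", "dst": "any", "service": "any", "action": "deny"},
]
# Constructed user access list and HR termination feed.
ACCOUNTS = [
    {"user": "alice", "enabled": True, "privileged": True, "mfa": True},
    {"user": "bob", "enabled": True, "privileged": True, "mfa": False},
    {"user": "carol", "enabled": True, "privileged": False, "mfa": True},
]
TERMINATED_USERS = {"carol"}


def in_scope_hosts(inventory):
    return [a["host"] for a in inventory if a["in_scope"]]


def assets_not_reporting_logs(inventory, log_sources, now=NOW, max_silence=timedelta(days=1)):
    """In-scope assets with no log source, or whose last event is older than max_silence."""
    return [h for h in in_scope_hosts(inventory)
            if h not in log_sources or now - log_sources[h] > max_silence]


def assets_missed_by_scans(inventory, scan_results):
    """In-scope assets that appear nowhere in the scanner's coverage."""
    return [h for h in in_scope_hosts(inventory) if h not in scan_results]


def overlooked_critical_findings(scan_results, now=NOW, max_age=timedelta(days=30)):
    """Critical findings still open past the remediation window, as (host, finding id)."""
    return [(host, f["id"]) for host, findings in scan_results.items() for f in findings
            if f["severity"] == "critical" and now - f["first_seen"] > max_age]


def risky_firewall_rules(rules):
    """Allow rules that are 'any' for source, destination and service: a catch-all permit."""
    return [r["id"] for r in rules
            if r["action"] == "allow" and r["src"] == r["dst"] == r["service"] == "any"]


def noncompliant_access(accounts, terminated):
    """Enabled accounts of terminated users, and enabled privileged accounts without MFA."""
    issues = []
    for a in accounts:
        if not a["enabled"]:
            continue
        if a["user"] in terminated:
            issues.append((a["user"], "terminated-but-enabled"))
        if a["privileged"] and not a["mfa"]:
            issues.append((a["user"], "privileged-without-mfa"))
    return issues


def compliance_report():
    """Run every check and return its findings keyed by the situation it detects."""
    return {
        "assets_not_reporting_logs": assets_not_reporting_logs(INVENTORY, LOG_SOURCES),
        "assets_missed_by_scans": assets_missed_by_scans(INVENTORY, SCAN_RESULTS),
        "overlooked_critical_findings": overlooked_critical_findings(SCAN_RESULTS),
        "risky_firewall_rules": risky_firewall_rules(FIREWALL_RULES),
        "noncompliant_access": noncompliant_access(ACCOUNTS, TERMINATED_USERS),
    }


if __name__ == "__main__":
    for situation, hits in compliance_report().items():
        print(f"{situation}: {hits or 'none'}")
```

The design point is that every check starts from the scoped inventory rather than from the tool's own output: a scanner or SIEM can only report on what it knows about, so the gaps an auditor cares about (db-01 never scanned, jump-01 never onboarded to logging) are found by subtracting tool coverage from scope, not by reading the tool's dashboard. Out-of-scope hosts such as lab-07 are deliberately ignored so that scope reduction, as slide 35 recommends, directly shrinks what has to be evidenced.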

Editor's Notes

  1. Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.