
SOC 2 Auditing for cybersecurity controls

We provide SOC 2 Help by guiding our clients through the full SOC process to ensure a clean report is obtained. Our approach is focused on efficient, transparent, and tailor-made compliance assurance.

SocGuru


Presentation Transcript


SOC 2: Auditing for cybersecurity controls

The Service and Organization Controls 2 (SOC 2) audit is an international standard that allows you to assess a vendor's security controls and cybersecurity threats. It grew out of the recognition that any service provider, especially a technological one, can be a threat to its customers and to the company itself.

What is the SOC 2 audit?

A SOC 2 audit is an effective tool for evaluating a vendor's security controls. It is an international standard developed by the American Institute of Certified Public Accountants (AICPA), which had an update in March 2018. The need for a SOC 2 audit arises because any service provider, particularly a technological one, can represent a threat to its customers, and the company that receives the service needs confidence that it will not be affected. Cybersecurity has become a critical part of vendor risk management, and a SOC 2 audit is one of the ways to assess cybersecurity threats.

There are SOC 2 Type 1 and SOC 2 Type 2 audit reports. In a Type 1 report, the controls are evaluated at a specific point in time (as if it were a photograph) to determine whether they are properly designed and appropriate. In a Type 2 report, the company's controls are evaluated over a period, which can span a year: it is a historical review of the systems to determine whether the controls are properly designed and have operated correctly over time.

SOC 2 audits, however, address a range of topics, and they do so in an environment in which cybersecurity risk is constantly evolving, data protection regulation changes frequently, and the roles that providers play in business processes vary. In this environment, a foundation or framework is required to carry out the work.

The answer is the Trust Services Principles originally developed by AICPA, also known as Fundamental Security Principles:

• Security (Is the process well protected against unauthorized access?)
• Privacy (Do we store personal data, and in what way?)
• Integrity of the process (Are the data and information exchanged between customer and supplier properly protected?)
• Confidentiality (Are there restrictions on access to the information?)
• Availability (Is the process functional, and does it operate at different times?)

When executing a SOC 2 audit, auditors should observe whether these principles are applied in the supplier's processes and, if so, how the supplier complies with them. This makes it possible to determine that a company complying with very few (or the wrong) principles is in a weaker security state, since it lacks sufficient controls for the security risks posed by its suppliers. The opposite can also happen: the company may be in a state of over-insurance, with too much mitigation (and wasted resources) for risks it does not have. Reaching this judgement requires knowing the type of relationship with the provider and, on that basis, inquiring with the IT security area about controls and guarantees. Likewise, the business process owners in the first or second line of defense should be consulted about the information and resources the provider can use. The compliance function should also be considered: cybersecurity flaws can have consequences such as fines and liability in litigation, and a company operating internationally has the laws of other countries to comply with as well.

A SOC 2 audit contributes to mitigating cybersecurity risk with suppliers, and as long as the auditor knows the subject, it can strengthen its evaluations and better support the company's internal control system.

How can we help you?

Approach your current and potential customers with confidence, and give them confidence and transparency. We provide SOC 2 Help by guiding our clients through the full SOC process to ensure a clean report is obtained. Our approach is focused on efficient, transparent, and tailor-made compliance assurance.

Source URL: https://medium.com/@soc2guru/soc-2-auditing-for-cybersecurity-controls-ec5b7f10392f
