
Dash Solutions

SOC 2 Readiness Checklist

Gather IT Infrastructure/Cloud Security Documentation


Organizations should gather all relevant security documentation and attestations from their cloud
provider or infrastructure provider. Teams may consider gathering documents including:
• Cloud provider SOC reports (SOC 1, SOC 2, SOC 3)
• Service Level Agreements (SLAs)
• Business Associate Agreements (BAAs)

Gather Contractor and 3rd Party Vendor Agreements


In addition to gathering IT infrastructure documentation, organizations should collect all
agreements and NDAs signed with contractors, third-party vendors and software companies.

Create Administrative Security Policies


Teams preparing for SOC 2 should develop administrative policies based around the
organization’s technologies, staff structure and security goals. Administrative policies should
provide the standard operating procedures for managing SOC 2 internal controls. Policies should
address topics including – Security Roles, System Access, Disaster Recovery (DR), Risk
Assessment & Analysis, and Security Training.

Set Technical Controls


Security team members should implement all necessary internal security controls across the
cloud environment and IT infrastructure. Teams should enforce security controls including:
• Encryption
• Access Control
• Network and Firewall
• Backup Settings
• Intrusion Detection
• Vulnerability Scanning and Patching

Determine Scope For SOC 2 Assessment


SOC 2 reports evaluate service organizations on one or more of the five Trust Services Criteria
(TSC) – Security, Availability, Processing Integrity, Confidentiality, and Privacy. Teams should
consider which criteria will be assessed under a SOC 2 audit.
• Determine whether the audit will result in a SOC 2 Type I or SOC 2 Type II report.
• Determine which Trust Services Criteria (TSC) will be evaluated in the SOC 2 report.

Select a SOC 2 Auditor


After preparing its security program, an organization should select a reputable SOC 2 audit firm. A
SOC 2 audit may only be conducted by an AICPA-affiliated firm. Teams should look for a firm that
has worked with companies of a similar size and type and has experience conducting previous SOC 2
audits.

Learn how Dash ComplyOps provides teams with a solution for building, monitoring, and
maintaining a SOC 2 security program in the public cloud and achieving a SOC 2 Type II report.

hello@dashsdk.com +1 267-567-3552 www.dashsdk.com