Research Paper MIS - SOC 2 Compliance

profilesirivasu
BA_602_MIS_SU_2018_GroupC.pptx

IT Compliance Plan for SOC 2

Campbellsville University

BA 60271 – Management of Information Systems

Su – 2018

Group C

Professor: Dr. Iris Billy

Team Roles and Responsibilities

Name ID Role and Responsibility
Sirisha Dumpa 558335 Project Manager – Ensure that the project is delivered at the right time.
Lakshmi Sai Donti Reddy 558453 Project Coordinator – Responsible for proper coordination with the team
Sai Nischal Dasari 558485 Researchers – Responsible for researching content related to the topic.
Sai Srinija Gogineni 556841
Ajeet Garikena 559161
Suhaib Ghulam 558715
Pallavee Gajera 558751 Script Writer - Responsible for writing the research paper using the content received from researchers
Vikas Dachepally 558670 Proof Reader – Proof read the content of the research paper to ensure there is no plagiarism.
Venu Madhav Datla 557495

Outline

Background:

SOC 2 compliance is a component of the American Institute of CPAs (AICPA)’s Service Organization Control reporting platform. Its goal is to make sure that systems are set up so that they assure security, availability, processing integrity, confidentiality, and privacy of customer data. SOC 2 is both a technical audit and a requirement that comprehensive information security policies and procedures are written and followed.

SOC 2 Compliance Plan

Key controls are defined

Ownership is allocated

A mechanism is specified to access data and information

A line of command is established with a chain of reporting in place

Roles and responsibilities are defined and communicated to the teams

Plan is executed

Accountability is established

SOC 2 Challenges:

While SOC2 compliance can have numerous benefits to a growing SaaS (Software as a Service) provider, obtaining SOC2 compliance has plenty of challenges.

Determining exactly which service offering(s) you want to make compliant

Defining the scope of the audit (or “examination” in SOC 2 parlance)

Deciding which Trusted Service Principles (TSPs) apply to you

Mapping your existing controls to the TSP criteria

Implementing any controls you do not have

Preparing for the SOC audit

SOC 2 Certification:

SOC 2 certification is issued by outside auditors. They assess the extent to which a vendor complies with one or more of the five trust principles based on the systems and processes in place. Trust principles are broken down into

Security

Availability

Processing Integrity

Confidentiality

Privacy

Implementing IT Governance to Ensure Regulatory Compliance

An effective IT governance framework could help institutions realize financial savings through the purchasing of institutional rather than departmental IT solutions and software site licenses.

Conclusion

While SOC 2 compliance isn’t a requirement for SaaS and cloud computing vendors, its role in securing your data cannot be overstated. If you are on the road to SOC2 compliance, it may seem like a long, endless journey.  However, like any compliance initiative, it is attainable if you break up the driving into more reasonable stretches.  Moreover, there are many ways to share the efforts for SOC2 compliance with other frameworks, such as PCI and ISO.  Lastly, when you make compliance an everyday business practice, the road will not seem as long and will be easier to drive as time passes.

3, 2017 Anitian • Aug. “The Road to Service Organization Control (SOC) 2 Certification.” MSSP Alert, 3 Aug. 2017, www.msspalert.com/cybersecurity-breaches-and-attacks/service-organization-control-soc-2-certification/.

Basham, Robin, and VP Security & Compliance. “Why Earn SOC 2 Certification.” Cavirin Systems, Inc., www.cavirin.com/blog/25-compliance/37-soc2-certification.html.

Martinez, Carlos. “Top 3 Challenges When Updating Your Compliance Framework.” Reciprocity, Reciprocity Labs, 11 Apr. 2018, reciprocitylabs.com/top-3-challenges-when-updating-your-compliance-framework/.

CIPT , Jeff Cook. “Trying to Comply with SOC 2? Things Just Got Easier.” Top 10 Operational Impacts of the GDPR: Part 6 - RTBF and Data Portability, 8 Jan. 2017, iapp.org/news/a/trying-to-comply-with-soc-2-things-just-got-easier/.

Wilkins, Travis. “9 Common Questions About SOC 2 Compliance – Threat Stack.” Threat Stack, www.threatstack.com/blog/9-common-questions-about-soc-2-compliance.

Incapsula.com, www.incapsula.com/web-application-security/soc-2-compliance.html.

References