Information Security: How Assent Protects Your Data - SOC 2 & Information Security Best Practices

[email protected] | www.assentcompliance.com | TEL: 1 866 964 6931 Information Security: How Assent Protects Your Data SOC 2 & Information Security Best Practices

Upload: assent-compliance

Post on 13-Apr-2017



Information Security: How Assent Protects Your Data

SOC 2 & Information Security Best Practices


Today’s Moderator

Laura Sweet

Assent Compliance

Compliance Services


Assent Product Suites

Ethical Sourcing

Materials Management

Supplier Information Management

Inspections & Audit Tools

Configurable Surveys & Declarable Substance Lists


Today’s Presenter

Rob Scrimger

Assent Compliance

Corporate Security Officer


What You Need

Introduction

Information & data drive business

As a leader in your company, you are responsible for keeping your data safe

But…

In a global economy you also have to share it

How do you make sure your data is safe outside your network?


Common Approaches to Due Diligence

What Most Companies Do

Contract stipulations

Questionnaires

Site visits

Third-party auditors


How SOC 2 Helps

Benefits of SOC 2

Provides a standards-based third-party audit

Covers all the major business functions:

Organization & Management

Communications

Risk Management

Monitoring & Controls

Logical & Physical Access Control

System Operations

Change Management


In A Nutshell

SOC 2

Based on Statement on Standards for Attestation (SSAE 16) and Attestation Engagements (AT 101)

Auditors verify:

For each common criterion in the AICPA guide, the auditors will evaluate the policies and procedures in place to ensure that the criterion is fully covered.

For each policy or procedure, the auditors will ensure there is a control activity that provides proof the policy or procedure is followed every time.


Why is SOC 2 Important to You?

Provides an audited report

Auditors are accredited

Covers the important topics

Speeds up the process

No more dealing with questionnaires

You can concentrate on specific requirements

Up-to-date standard


Security Dangers Without SOC 2

Very hard to prove that someone is actually doing what they promise without boots on the ground

Corporate practices are not always covered in questionnaires

Only have the company’s word


Assent & SOC 2

Why is your data safe with us?

We started very early on with the SOC 2 process

We are expanding our program to include audits twice a year

We are also looking at other accreditations as the security team grows

Security and development work hand in hand ensuring your data is always safe


Questions to Ask Your Current Software Vendor

Do they have a SOC 2 audit?

What were the results and what did they do about it?

When is their next audit?

Who are their auditors?

Questions


Upcoming Events: Webinars & Conferences

[Webinar] Chapter 3: Looking ahead: Human Rights Reporting and Accountability

Wednesday, August 23rd | 1PM EDT

Upcoming Educational Summits

October 20, 2016 | Chicago

November 17, 2016 | Boston

February 8, 2017 | San Jose

Joint Materials Management Conference with Tetra Tech

December 1, 2016

More details to come at: www.assentcompliance.com/events


Any Questions?

Thank You