information security: how assent protects your data - soc2 & information security best practices
TRANSCRIPT
[email protected] | www.assentcompliance.com | TEL: 1 866 964 6931
Information Security: How Assent Protects Your Data
SOC 2 & Information Security Best Practices
Today’s Moderator
Laura Sweet
Assent Compliance
Compliance Services
Assent Product Suites
Ethical Sourcing
Materials Management
Supplier Information Management
Inspections & Audit Tools
Configurable Surveys & Declarable Substance Lists
Today’s Presenter
Rob Scrimger
Assent Compliance
Corporate Security Officer
What You Need
Introduction
Information & data drive business
As a leader in your company, you are responsible for keeping your data safe
But…
In a global economy you also have to share it
How do you make sure your data is safe outside your network?
Common Approaches to Due Diligence
What Most Companies Do?
Contract stipulations
Questionnaires
Site visits
Third-party auditors
How SOC 2 Helps
Benefits of SOC 2
Provides a standard based third-party audit
Covers all the major business functions
Organization & Management
Communications
Risk Management
Monitoring & Controls
Logical & Physical Access Control
System Operations
Change Management
In A Nutshell
SOC 2
Based on Statement on Standards for Attestation (SSAE 16) and Attestation Engagements (AT 101)
Auditors verify:
For each common criterion in the AICPA guide, the auditors will evaluate the policies and procedures in place to ensure that the criterion is fully covered.
For each policy or procedure, the auditors will ensure there is a control activity that provides proof the policy or procedure is followed every time.
Why is SOC 2 Important to You?
Provides an audited report
Auditors are accredited
Covers the important topics
Speeds up the process
No more dealing with questionnaires
You can concentrate on specific requirements
Up-to-date standard
Security Dangers Without SOC 2
Very hard to prove that someone is actually doing what they promise without boots on the ground
Corporate practices are not always covered in questionnaires
Only have the company’s word
Assent & SOC 2
Why is your data safe with us?
We started very early on with the SOC 2 process
We are expanding our program to include audits twice a year
We are also looking at other accreditations as the security team grows
Security and development work hand in hand ensuring your data is always safe
Questions to Ask Your Current Software Vendor
Do they have a SOC 2 audit?
What were the results and what did they do about it?
When is their next audit?
Who are their auditors?
Questions
[Webinar] Chapter 3: Looking ahead: Human Rights Reporting and Accountability
Wednesday, August 23rd | 1PM EDT
Upcoming Educational Summits
October 20, 2016 | Chicago
November 17, 2016 | Boston
February 8, 2017 | San Jose
Joint Materials Management Conference with Tetra Tech
December 1, 2016
Upcoming Events: Webinars & Conferences
More details to come at: www.assentcompliance.com/events