What is SOC?
A Service Organization Controls (SOC)
What is the AICPA?
Who can perform a SOC audit?
Audits must be completed by an external auditor from a licensed CPA firm
What is WISP?
WRITTEN INFORMATION SECURITY PLAN (WISP)
What are the top policies and procedures needed for a SOC audit?
- Information Security Policy
- Access Control Policy
- Password Policy
- Change Management Policy
- Risk Assessment and Mitigation Policy
- Incident Response Policy
- Logging and Monitoring Policy
- Vendor Management Policy
- Data Classification Policy
- Acceptable User Policy
- Information, Software and System Policy
- Business Continuity and Disaster Recovery