Cyber Security: Policies and Procedures needed for SOC1 / SOC2

What is SOC?

Service Organization Controls (SOC)

 

What is the AICPA?

American Institute of Certified Public Accountants (AICPA)

 

Who can perform a SOC audit?

Audits must be completed by an external auditor from a licensed CPA firm.

 

What is WISP?

Written Information Security Plan (WISP)

 

 

What are the top policies and procedures needed for a SOC audit? 

 

  1. Information Security Policy
  2. Access Control Policy
  3. Password Policy
  4. Change Management Policy
  5. Risk Assessment and Mitigation Policy
  6. Incident Response Policy
  7. Logging and Monitoring Policy
  8. Vendor Management Policy
  9. Data Classification Policy
  10. Acceptable Use Policy
  11. Information, Software and System Policy
  12. Business Continuity and Disaster Recovery

 

 

 

 

Kon Belieu

 
