
DefenseStorm’s SOC 2 and What it Means to YOU

SOC 2

One of the most important ways DefenseStorm demonstrates the security, confidentiality, availability and processing integrity of the Data Security Platform to its customers is by complying with the rigorous SOC 2 framework. SOC stands for ‘Service Organization Controls’ and is governed by the AICPA (American Institute of Certified Public Accountants). A SOC 2 is criteria based, and the service organization (e.g. DefenseStorm) can elect four of the five trust services principles (TSPs) that apply. A SOC 2 must include the ‘Security’ trust services principle; the service organization can then choose which of the other principles apply (Availability, Processing Integrity, Confidentiality and/or Privacy).

DefenseStorm has four Trust Services Principles that apply to its control environment for SOC 2:

  • Security. The system is protected against unauthorized access, use, or modification.
  • Availability. The system is available for operation and use as committed or agreed.
  • Processing integrity. System processing is complete, valid, accurate, timely, and authorized.
  • Confidentiality. Information designated as confidential is protected as committed or agreed.

DefenseStorm leadership has taken proactive steps to comply with the SOC 2 framework since the company’s inception in 2015. The company engaged a trusted and highly experienced consultant to help prepare for SOC 2 compliance. In 2015, DefenseStorm successfully obtained the SOC 2 Type 1 Report (Point in Time; Design of Controls) and followed up in 2016 and 2017 by obtaining the SOC 2 Type 2 Report (Period of Time; Operating Effectiveness of Controls).

Recognizing the importance of having audit/compliance as a permanent position in the company, DefenseStorm created and staffed a Risk and Compliance position. Having a permanent audit/compliance function on staff, combined with an external auditor, Skoda Minotti, that independently validates DefenseStorm’s IT environment, provides management and customers with assurance that the IT controls remain strong to:

  • properly secure customer data and keep it confidential
  • maintain availability of systems
  • ensure processing integrity procedures are in place to monitor for data completeness

DefenseStorm’s successful internal implementation and continuous compliance with SOC 2 are based on the following factors:

Corporate Governance & Human Resources

  • Strong tone at the top for compliance from executive management; having an internal mantra to ‘always do the right thing’
  • Robust corporate and IT policies and procedures as well as enforcement mechanisms for non-compliance
  • Execution of Quarterly compliance meetings with department managers
  • Rigorous background checks for employees and contractors

Communications

  • Fostering open communications between departments and employees if / when potential security, system and operational issues arise

Logical and Physical Access

  • Strong network, infrastructure, physical and logical access controls of internal systems
  • Secure data transmissions into, through and out of the Data Security Platform
  • Execution of periodic vulnerability scans and penetration tests over the network and internal systems
  • Providing user access based on the ‘Need to Know’ principle

Software Development

  • Utilizing strict engineering software development, testing and implementation principles for the Data Security Platform and

Continuous Monitoring

  • Executing periodic internal and third-party risk assessments
  • Automated monitoring of availability and processing integrity
  • Continuous monitoring of key IT controls by Guardian and Compliance
