
SOC Audit Process


  • Team – Security Auditor/Governance Analyst, System Administrator (optional), Technical Writer (optional)
  • Timelines – 1-2 weeks of on-site fieldwork, 2-4 weeks of follow-up work, depending on the scope; ongoing support (optional)
  • Standard – SSAE 16 (SOC, SAS 70)
  • Fees and Rates – economy airfare, accommodation, 70 CAD per diem, rates according to MSA

GeeksForLess provides a pre-audit evaluation covering the controls and processes in the scope of SSAE 16 (SOC). The evaluation is performed on-site by a security expert. The key stakeholders are identified ahead of time and interviewed during the visit. The artifacts supporting the collected information about the controls and processes are requested and reviewed. The compliance gaps are identified, documented, and communicated to management through a checklist. Mitigation recommendations that take into account the organization’s needs and capacities are part of the checklist. Technical guidance facilitates the implementation and addresses the auditors’ requirements.


SCOPE AREAS

Operational

  • Personnel Security
  • Physical and Environmental Protection
  • Production, Input/Output Controls
  • Contingency Planning, Business Continuity, Disaster Recovery
  • Hardware and System Software Maintenance
  • Data Integrity
  • Change Management
  • Documentation
  • Security Awareness, Training, and Education
  • Incident Response Capability

Management

  • Risk Management
  • Security Controls
  • Review Lifecycle
  • Authorize Processing (Certification and Accreditation)
  • System

 

Technical

  • Identification and Authentication
  • Logical Access Controls
  • System-based Audit

PREREQUISITES

Business

  • Determine the audited services
  • Define your customers
  • Describe user stories

 

Information Technology

  • Develop service maps
  • Prepare existing documentation
  • Prepare the hardware and software inventory
  • Assign owners to systems and processes

DELIVERABLES

Documents

  • Readiness assessment report
  • Findings and recommended mitigation steps
  • Mitigation tracking checklist

Optional

  • Risk assessment report
  • Policies documentation
  • Process documentation