LOS ANGELES, CA, January 04, 2019 /24-7PressRelease/ -- Service organizations are building and deploying a wide range of cloud computing platforms within AWS – such as SaaS, PaaS, and IaaS – and are also being asked for annual SOC 2 Type 1 and Type 2 reporting. Here's what service organizations need to know now about becoming SOC 2 compliant when using Amazon AWS' services.
1. Start with a SOC 2 Scoping & Readiness Assessment: Learning about SOC 2 – essentially all the technical merits and other important considerations – begins by performing a comprehensive SOC 2 scoping & readiness assessment.
2. Assess Scope and Ownership of Controls: Businesses using Amazon's AWS services will need to assess, determine, and confirm who has ownership of various controls that will be assessed during a SOC 2. The earlier this is known, the greater the chances for auditing success, efficiency, and removal of scope creep issues. In all reality, this is a relatively straightforward process, something NDNB performs with clients every day.
3. Determine the Applicable Trust Services Criteria (TSP): Which of the TSP are going to be included in the scope of a SOC 2 audit and why? Do you have client commitments for certain TSPs? What is the basis for choosing the relevant TSPs? These are important questions you need answers to, and NDNB can assist.
4. Identify Amazon AWS Tools and Solutions to be Used: Amazon has numerous security, identity, compliance, and management tools and solutions that greatly assist in the SOC 2 auditing process. Get to know them, and they'll help ensure compliance with numerous SOC 2 testing criteria.
5. Perform Essential Remediation: Correcting control gaps and deficiencies is a common practice during the SOC 2 auditing lifecycle, no question about it.
Founded in part by former Arthur Andersen and BDO Seidman auditors, NDNB is a nationally recognized firm specializing in a wide range of regulatory compliance audits, I.T. audits, and other compliance & assurance needs for organizations in select markets. Our personnel have years of experience in our chosen fields of work, possessing a sound working knowledge, interpretation and solid understanding of all relevant regulatory compliance issues and mandates currently affecting our clients.