Getting through a SOC 2 audit with your nerves intact (Ep. 426)

Once a company reaches a certain size, its customers may begin asking for proof that it has good security and data practices. They want to know whether there's a business continuity plan in place in case disaster strikes. For many companies, formalizing this proof means submitting to an auditing process known as SOC 2. If you're a developer at one of these companies, particularly if you provide or use SaaS applications, you'll find yourself having to implement the controls these audits require.

In this sponsored episode of the podcast, Ben and Ryan talk with James Ciesielski, CTO and co-founder, and Megan Dean, information security and risk compliance manager, both of Rewind. We discuss how to prep for and successfully get through a SOC 2 audit, how backing up your SaaS data can provide business continuity, and the benefits of developing a relationship with your auditor.

A SOC 2 report shows your customers the level of security controls you have in place. It's based on the auditing standards set by the American Institute of Certified Public Accountants. You tell the auditors what controls you have in place and they verify it. Once a company starts attracting enterprise-level customers, a SOC 2 becomes important.

Companies perform SOC 2 audits using a variety of tools: sometimes it's purpose-built SaaS tools; sometimes it's a cascade of spreadsheets. Ultimately, what's important is providing an audit trail for your controls, a record that proves your security does what you claim it does. Trust, but verify.

The process can grow complicated, as companies can have 100 to as many as 300 SaaS applications running in their business. That's a lot of important business data on someone else's cloud. Many of these SaaS applications operate on the shared responsibility model: they ensure the service is available and secure, and you ensure that your data is accurate and secure.

A key part of these security controls is disaster recovery and business continuity. Imagine that you're using a SaaS application to track your audit process. What happens if a disgruntled employee wrecks your data, or your cat walks over your keyboard, hitting just the right combination of keys to delete something important? Or what if you unwittingly get flagged for a T&C violation and get deplatformed? Your audit trail could be lost if you haven't upheld your end of the shared responsibility model and backed up your data.

Ultimately, having experts who know the process can help. Your auditor, too, can be a resource, so get to know them. They want you to succeed. They want to help you improve your audit process because it makes their lives easier.

Tags: backups, partner content, partnercontent, soc 2, the stack overflow podcast
