Write a proposal to pursue the SOC 2 Type II compliance. Please be sure that your proposal meets all the following requirements:
Explains the differences between SANS and SOC compliance
Provides rationale as to why SOC 2 was chosen for XYZ Technologies.
Gives a timeline for when the project will begin and end, also including the major milestones along the way.
SANS COMPLIANCE:-
The SANS 20 security controls lay down the most crucial security controls that an organisation should implement in its operations to reduce the overall risk of a data breach.
According to various organisations, if these controls were implemented in an organisation, 94% of the security-related risks would be mitigated.
While all the SANS controls are important from the point of view of an organisation, there are two security controls that are often misused or not implemented correctly:-
1. Continuous vulnerability assessment and remediation
2. Penetration testing and red team exercises.
SOC COMPLIANCE:-
Service Organization Control (SOC) compliance is an audit of internal controls to ensure the security of data, minimal wastage of resources and the confidence of shareholders at large.
This compliance helps auditors by reducing audit time, because SOC reports provide a strong report on the internal audit of an organisation, thereby reducing the costs of the auditor at large.
Users of SOC services are as follows:-
Any organisation that cannot afford to lose its confidential data, banks and investment houses, data centers, etc.
WHY SOC 2 WAS CHOSEN FOR XYZ TECHNOLOGIES?
Because it covers areas such as processing integrity, security and confidentiality of the controls present at the organisation.
It offers greater assurance to customers and stakeholders associated with the organisation at large compared to the SANS reports.