When the CARES Act passed on March 27, 2020, an impressive $2 trillion became steadily available as federal relief and stimulus trickled out to the American people. Rampant discussion has followed the publication of these 800+ pages in attempts to simplify and guide the country toward all the opportunities to secure pieces of these funds; however, much of this discussion has been as overwhelming as the original act itself.
We have been discussing System and Organization Controls (SOC) reports and how they can be used to establish and maintain trust between service providers and their customers. In our first blog, we covered a basic understanding of the benefits of SOC reporting. In our second blog, we covered the various kinds and types of SOC reports as well as how they are used to support compliance requirements. In this blog, we will tackle one of the most important questions: What information is most important when reviewing a SOC report?
As noted in our earlier blog, System and Organization Controls (SOC) can be a helpful tool in establishing and maintaining trust between service providers and their customers. Yet there are still a lot of questions around SOC reporting: Which SOC report is right for my organization?
The rise in cloud-based technology and third-party solutions increases both the complexity and uncertainty of security and compliance responsibilities. Service providers and their customers need to understand how responsibilities are shared and split. This includes Software as a Service (SaaS), Infrastructure as a Service (IaaS), as well as operational solutions, such as credit card processing and billing, and IT, such as security monitoring and hosting services.
Impact Makers recently hosted Capital Kanban’s “The Art of Agile: The Art of War Interpreted with an Agile Lens” with a fantastic turnout. Speaker Megan Windle, a Certified Agile Coach and Certified Scrum Master (CSM), compared the ideas in Sun Tzu’s The Art of War with the principles of Agile, discussing Agile concepts and quotes from the book.
Many organizations know they must have the basics: hire a CISO, perform a risk assessment, and find security vendors to fill up the holes. Unfortunately, these are often mere boxes to check. Impact Makers’ former CISO Cathie Brown offers a few simple considerations in each of those steps that will strengthen your cybersecurity posture, like what to look for in a robust risk assessment and a trustworthy security vendor.
While most organizations have made some investments in each of the three building blocks of cybersecurity, many overemphasize “technology.” The most overlooked component is the “people,” which will actually make or break the effectiveness of your cybersecurity.