Many organizations, especially in regulated industries such as finance and healthcare, are working to achieve SOC 2 certification and compliance. SOC 2 certification and reports provide an organization with an attestation that it has specific information security standards in place. SOC 2 is especially useful for third-party vendors, who may provide SOC 2 certification as validation for enterprise security procurement.
SOC 2 defines a set of standards for managing customer data based on five trust service criteria: security, availability, processing integrity, confidentiality and privacy. These standards are outlined in the AICPA 2017 Trust Services Criteria (TSC). Organizations are assessed on one or more of these criteria and standards and must go through a security audit in order to obtain a SOC 2 Type I and SOC 2 Type II report to validate security standards to clients and partners.
Dash Adding AICPA SOC 2 Controls
Dash has integrated the latest SOC 2 standards, including the latest AICPA 2017 Trust Services Criteria (TSC), into the Dash ComplyOps platform alongside Dash continuous compliance monitoring features.
This means that Dash has created applicable mappings to SOC 2 and the Trust Services Criteria for all current Dash cloud scans. Organizations can now navigate to the Dash Compliance Center and see all SOC 2 controls related to individual issues. In addition, SOC 2 standards may be defined for user-created custom scans, allowing teams to build custom cloud security scans and relate new controls to applicable SOC 2 standards.
SOC 2 Controls and Inventory
In addition to mapping all Dash scans and checks to SOC 2 standards, Dash now provides a SOC 2 inventory of all controls. Teams can go to the Report Center and navigate to the AICPA SOC 2 Report to see the status of all SOC 2 standards related to Dash-connected policies, scans, and additional controls. All controls have a green or red status and provide security teams with a real-time look into where cloud security controls are in place or lacking.
Teams can utilize this report to see the current status of their SOC 2 security standards, determine potential security issues, and provide validation of security controls to SOC 2 auditors.
Streamline SOC 2 Compliance
Achieving SOC 2 certification requires that organizations prove that they maintain a robust security program and controls across their organization and infrastructure. While this may seem like a cumbersome process, it is possible to streamline it with proper planning. Dash ComplyOps makes it easy for your team to build policies and standard operating procedures, set security controls, and prepare for a SOC 2 audit and certification.
Organizations operating in Amazon Web Services (AWS) and the public cloud can utilize Dash ComplyOps to easily set cloud security controls, find SOC 2 related security issues, and prepare for a SOC 2 audit. It is our hope that Dash helps organizations streamline the SOC 2 certification process and achieve certification more quickly.
See how Dash can help your team build your Cloud Compliance Program and achieve SOC 2 Type I or SOC 2 Type II in the cloud