Businesses are building and deploying a wide variety of cloud computing platforms within AWS – such as SaaS, PaaS, and IaaS – and are also being asked for annual SOC 2 Type 1 and Type 2 reporting. Here’s what service organizations need to know now about becoming SOC 2 compliant when using Amazon AWS’ services
ATLANTA (PRWEB) JANUARY 02, 2019
Businesses are building and deploying a wide variety of – such as SaaS, PaaS, and IaaS – and are also being asked for annual SOC 2 Type 1 and Type 2 reporting. Here’s what service organizations need to know now about becoming SOC 2 compliant when using Amazon AWS’ services.
1. Start with a SOC 2 Scoping & Readiness Assessment: Learning about SOC 2 – all the technical merits and other important considerations – begins by performing a comprehensive SOC 2 scoping & readiness assessment.
2. Assess Scope and Ownership of Controls: Businesses using will need to assess, determine, and confirm who has ownership of various controls that will be assessed during a SOC 2. The earlier this is known, the greater the chances for auditing success, efficiency, and removal of scope creep issues. In all reality, this is a relatively straightforward process, something NDNB performs with clients every day.
3. Determine the Applicable Trust Services Criteria (TSP): Which of the TSP are going to be included in the scope of a SOC 2 audit and why? Do you have client commitments for certain TSP’s? What is the basis for choosing the relevant TSP’s? Important questions you need to get answers to, and NDNB can assist.
4. Identify Amazon AWS Tools and Solutions to be Used: Amazon has numerous security, identity, compliance, and management tools and solution that greatly assist in the SOC 2 auditing process. Get to know them, and they’ll help ensure compliance with numerous SOC 2 testing criteria.
5. Perform Essential Remediation: Correcting control gaps and deficiencies is a common practice during the SOC 2 auditing lifecycle, no question about it.
About NDNB
Founded in part by former Arthur Andersen and BDO Siedman auditors, NDNB is a nationally recognized firm specializing in a wide-range of regulatory compliance audits, I.T. audits, and other compliance & assurance needs for organizations in select markets. Our personnel have years of experience in our select chosen fields of work, possessing a sound working knowledge, interpretation and solid understanding of all relevant regulatory compliance issues and mandates currently affecting our clients.
We have a national “footprint” for our services, our work is highly regarded, and we are often mentioned as the viable, cost effective alternative to the Big 4 accounting firms. Notable services from NDNB include the following: SOC 1 (SSAE 16/SSAE 18), SOC 2, SOC 3, EI3PA, ACH Audits, MERS compliance, internal audits, and more. Learn more about NDNB's services today.
