Some of the biggest gaps that require remediation are the following:
Missing Documentation
Information security policies and procedures are among the most time-consuming parts of SOC 1 SSAE 18 remediation. Most service organizations are good at what they do, but not nearly as good at documenting what they do. Because of this, policies and procedures become a real challenge for compliance: an auditor cannot test a control that exists only as undocumented practice. Luckily, NDB offers our clients complimentary SOC 1 SSAE 18 – and SOC 2 – information security policy templates when we engage with them. This saves thousands of dollars and dozens of operational man-hours.
Insecure Configuration Settings
Many times, service organizations operate insecurely configured systems that must be corrected for SOC 1 compliance. Perhaps it is weak password settings, permissive firewall rule sets, default accounts, or any number of other issues.
Are you familiar with File Integrity Monitoring (FIM)? How about Data Loss Prevention (DLP) and internal and external vulnerability scanning? SOC 1 itself does not prescribe specific tools; the controls are defined by the service organization's own control objectives. In practice, however, these are some of the controls auditors expect to see supporting those objectives in a SOC 1 Type 1 or SOC 1 Type 2 assessment, and SOC 1 engagements increasingly emphasize security controls that keep service organizations abreast of emerging security issues, threats, and concerns.
NDB has years of experience working with service organizations to identify and implement a robust set of tools for SOC 1 compliance. We can save you both time and money, and we have extensive experience identifying tools that work with the big three cloud providers: Amazon AWS, Microsoft Azure, and Google GCP.