Make Your Problems Disappear
A company took on a new business line that included having access to some of the customer’s medical data. The customer required SOC certification of the company handling their sensitive data. The company's procedures and technology were not ready to pass the audit and certification.
SOC 2 certification ensures a customer is following industry standards for security protection and management. It covers all aspects, from policy and procedures to software and hardware compliance to employee training. Once a company has these controls in place for at least 6 months, an audit can be scheduled. The preparation can be time-consuming and expensive. The audit alone can cost $40K and must be done every year. Depending upon the state of the infrastructure and business complexity, upgrade costs can be in the $50K – $250K range.
Code Vapor was contracted to oversee upgrading the hardware and software, managing the technology vendors, and writing policy and procedures. Once that work was completed, the staff needed to be trained and an internal audit done before the SOC audit could be scheduled. Code Vapor represented the company during the audit.
Over a period of one year, Code Vapor helped the customer prepare for the audit. Below is a high-level summary of the major changes that were made.
After a year of preparation and six months of compliance testing, a SOC audit firm was called in and the customer passed the audit.