The initial consulting engagement was to assist in preparing the organization for a SOC 2 Type 1 audit focusing on web hosting services.
Service Organization Controls (SOC 2) Audit Type 1 is performed to test that IT controls are properly designated and implemented. This client’s web hosting service customers requested an audit of the IT controls to assure that their customer data was protected. I evaluated existing policies, procedures, and controls related to SOC 2 requirements and completed a gap analysis. Results of the analysis concluded that the client’s approach to risk and control requirements was ad hoc and disorganized, without communication and monitoring. I recommended the development of a comprehensive Information Security Policy document. I also provided the client with a proposed best-practice controls framework.
As a result of the success of this project, the client requested additional consulting help. The additional engagement included drafting the Information Security Policies and a Disaster Recovery Plan. As part of the Information Security Policy development, I assisted the client with Information Classification to ensure that information assets received an appropriate level of protection. This project was also completed on time and to the client’s satisfaction.