ISAE 3402 Certified Review
Business Requirement
A telecom outsourcer was looking to get ISAE 3402 certified, covering both basic compliance and implementation, over an entire road path of 6 months. This included both control testing and document validation.
They had to comply with 68 key process areas and align documentation in 15 major categories for which SOC control templates were not available.
Identified Process Challenge
The following challenges were noticed as part of the engagement:
- Having a team skilled across multiple technologies
- Missing or incomplete documentation on the required processes
- Multiple templates and tools, and an absence of basic hygiene on policies and procedures
- Frequently varying scope, requirements, and timelines
- No SME for policy and procedure structure for SOC 1 and SOC 2 reviews. No proper evidence captured across key areas
- Technical configuration of the firewall, and maintaining security across remote and onsite options
Audit Approach
The engagement team identified solutions for each of the challenges presented by performing the following:
- Provided an ISAE 3402 content management design that had a structure for workflow, process policy, procedure and document capturing
- Assigned 2 qualified auditors for review across Security program, policy and procedure
- Provided interim and final gap reports across generic and specific areas to comply with
- Completed the SOC 1 review and gap analysis, and fixed the structure and directory of process areas in SharePoint
- Data clean-up, data structuring and enablement of metrics for ISAE requirements compliance
- Enabled risk library with domain & technology risks
Business Benefit and Result
- Compliance to ISAE 3402 SOC specifications
- Timely closure of requirements
- Automation of policy and content management up to transaction level