Need to assess technology or business risk? InfoX can help by performing an independent industry assessment, including the evaluation of controls in a process or organization.
The AICPA Statement on Standards for Attestation Engagements, released in December 2014, defines a guide for completing a SOC2 review. The scope of a SOC2 review is to independently issue a report based on a processing method at a data center or processing location. Organizations that request a SOC review will reference the AICPA trusted services guides for reviews, with scopes identified from the Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and/or Privacy. The result is an independent SOC report that presents the findings based on all or some of these criteria. These reviews are covered under a type I or type II review and have a specified period of review coverage.
The identification, assessment, and prioritization of risks can be a time-consuming and extensive process. InfoX can assist in creating a risk management plan and selecting appropriate controls or countermeasures to measure each risk. Once the business impact of each risk is determined, a plan to address each risk with avoidance, transference, mitigation or acceptance will be generated according to the asset’s value to the organization.
We can also help with Business Continuity Planning (BCP), Contingency Planning (CP), Incident Response Planning (IR), and Disaster Recovery Planning (DR). These major areas of risk planning are important to implement before an incident occurs, and having a response plan outlined is critical to assuring continued operations when things get tough. InfoX’s management, business and security experience can guide your enterprise to a compliant solution.