What tools have been most helpful to gather evidence for a SOC 2 audit?

Regulatory Compliance
19.7k views1 Upvote5 Comments
Information Security Manager, 501 - 1,000 employees
At Yext we are SOC 2 Type 2 certified, which means that we have specific controls around confidentiality, availability, and security of our customer data. We have different teams that require access to databases - from Operations to Analytics and Developers. We need to make sure that those teams can be productive and access and data, but from the security and compliance side, we need to make sure that we can audit what's going on.We use strongDM to manage database permissions and log every query. Before strongDM we had to ensure that logging was turned on for each MySQL database and hope to catch a specific query in real time. We don’t normally keep MySQL logging on because of the abuse of IO and disk space requirements (especially on a busy database) so only after the fact would we have to make that judgement call. With strongDM we’re able to pull that log data in real time with no impact to the database. Having forensic data of every query run is very, very important from an auditing perspective and helped us achieve SOC 2 compliance.
1
VP of Global IT and Cybersecurity in Manufacturing, 501 - 1,000 employees
https://www.alienvault.com/solutions/soc-2-compliance
ex-CIO, 10,001+ employees
The right person with knowledge and skills in dealing with audits and auditors is more important than which tools to use. The bonus is that the 'right person' will probably know which tools are best suited to what audit.  My opinion only...
2
CIO, 1,001 - 5,000 employees
For our SOC2 audit we are not using a 3rd party tool for documentation collection. We simply use Excel and a folder hierarchy.
1
Partner in Software, 1,001 - 5,000 employees
Assuming you have some work loads in AWS there are a number of good solutions. I have looked closely at Orkus (full disclosure that I recently was asked to become and advisor). StrongPoint is also one to consider for relevant business applications

Content you might like

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
39.9k views130 Upvotes318 Comments

Can you make any recommendations based on similar experiences? We are looking for suitable participants for an RFI to obtain information on website ADA compliance providers and are looking for companies that leverage AI to help customers be compliant. My company is a large cruise line.

Applications & PlatformsDisruptive & Emerging TechnologiesEnd-User Services & Collaboration+2 more
7.3k views3 Upvotes

SEC cyber disclosure rules – do you think the new disclosure requirements should be scaled back or expanded?

Regulatory ComplianceGovernance, Risk & ComplianceSecurity Strategy & Roadmap

Scaled back – new requirements are too detailed31%

Expanded – new requirements aren’t detailed enough58%

Neither – new requirements are appropriate11%


62 PARTICIPANTS
454 views

Florida passed a statute that allows state agencies to exclude cybersecurity information from public records – do you know if there are any other state/local governments (or US gov't agencies) that omit this kind of information when it comes to procurement for cybersecurity products/services?

Security & GRCRegulatory ComplianceGovernance, Risk & Compliance+1 more
Senior Director of Engineering in Software, 501 - 1,000 employees
The state of California has been pretty active in this area (example: CCPA) so I wouldn't be surprised if they would do something similar to what the state of Florida is doing.
Read More Comments
1.6k views2 Upvotes7 Comments

Is your business considering becoming a payment facilitator?

People & LeadershipStrategy & ArchitectureGovernance, Risk & Compliance+20 more

Yes41%

No54%

Unsure3%


671 PARTICIPANTS
1.1k views2 Upvotes