As companies increasingly use the cloud to store customer data, SOC 2 has become the industry kitemark for security and quality in cybersecurity. Jamie Lynn Bussin, Director of Compliance at DeNexus, explains why this attestation is a must-have for any company storing client information in the cloud.
What is SOC 2 Type 2 compliance?
SOC 2, developed by the American Institute of Certified Public Accountants (AICPA), is designed for service providers that store or process customer data in the cloud. It differs from most security frameworks in that it focuses on demonstrating to an independent auditor that the controls protecting customer data are in place and operating, rather than on prescribing a fixed checklist of controls.
The standard requires a technical audit, but also that companies establish and follow strict information security policies and procedures.
Why does this compliance matter and who is it important to?
The attestation demonstrates the security controls we have implemented to ensure our customers' data is handled securely, which translates into more sales, increased customer trust, and the protection of sensitive data.
SOC 2 reassures our customers and (re)insurers that we know the steps that need to be taken in the event of a cyberattack and that we can protect sensitive information. At a minimum, an annual incident response tabletop exercise is performed.
In addition to incident response, SOC 2 covers business continuity and disaster recovery, requiring documented policies and procedures and regular committee meetings.
At DeNexus, we operate under SOC 2 as part of our commitment to the security of our clients' data in a digital world.
How does SOC 2 work?
The SOC 2 criteria for managing customer data are organized around five 'trust services criteria' (originally called trust service principles): security, availability, processing integrity, confidentiality and privacy. The security criteria are in scope for every SOC 2 report; each company adds the other criteria that are applicable to its core business.
Example controls used to meet these criteria are encryption of data at rest and in transit, network segmentation, and role-based access control. SOC 2 does not mandate specific technologies, so the auditor evaluates the controls the company has defined against the criteria.
A third-party audit by a licensed CPA firm assesses whether the required controls are implemented and operating. A Type 1 report covers the design of the controls at a point in time; a Type 2 report, the one described here, tests their operating effectiveness over a review period (typically six to twelve months). The resulting report documents the auditor's findings and can be shared with customers on request.
Is DeNexus looking to achieve any further security recognitions?
Yes, we are aiming to be ISO 27001 certified by the beginning of 2023. ISO 27001 certification will mature our security posture further by adding the controls of a formal information security management system to manage data protection.