If your organization has yet to acquire SOC 2 certification, the project manager will, depending on your organization, liaise with the audit team to get the project framework for acquiring SOC 1 & 2 certification.
For study purposes, you can start your conversation or email like this:
I am the cybersecurity compliance analyst. The essence is to understand the timeline and what is expected of me and of you with regard to SOC.
Questions:
What should be done on our side?
Scope and purpose:
1. Can you provide a detailed explanation of the scope and purpose of the 13 SOC list you sent us?
2. Are we getting more SOC lists? How will the information be exchanged?
Controls:
3. Could you specify the exact controls and criteria we need to implement and document for each SOC list?
4. How often should we plan for progress review meetings to ensure we are on track?