SOC 2 and ISO 27001
Summary: This article addresses XMPie's adoption of SOC 2® over ISO 27001.
The SOC 2 audit testing framework is based on the Trust Services Criteria (TSC), which are used to identify various risks (points of focus) an organization should consider addressing. Based on the TSCs the organization selects to be in scope, the third-party compliance and audit firm evaluates whether the organization has the appropriate policies, procedures, and controls to manage the identified risks effectively.
In recent years, an increasing number of companies in Europe have required SOC 2 reports so they can determine whether service providers have the necessary controls in place along the supply chain to protect the data of all parties involved.
The SOC 2 report is more in-depth than an ISO 27001 certificate. Because the result of a SOC 2 assessment is an extensive attestation report of up to 150+ pages, it tends to give a company’s partners and clients a higher level of detail about its security posture than the result of an ISO 27001 audit, which is simply a one-page certification letter. This is one of the leading reasons why the cybersecurity compliance norm in Europe is beginning to welcome SOC 2 as an excellent supplemental security framework.
XMPie cultivates a culture of security by design. Secure Software Development Life Cycle (Secure SDLC) is a software engineering culture that unifies software development, deployment, security, and operations.
XMPie successfully completed a SOC 2 assessment for data security excellence.
Created by: Nahum Cohen on December 2024