CASE STUDY # 3
Evaluation of SOC2 Compliance and Certification
Client Industry: Human Resourcing
Client Environment: Microsoft 365 and Azure (Security GRC focused)
The Problem/Opportunity
- A potential customer required the client to be SOC2 certified before it would use the client's services and products in new opportunities.
- They were using a vendor/product (Secureframe) to help them, but they needed additional IT and security expertise to bring the environment into compliance.
- They needed to be certified by a specific date.
The WME Solution
- We executed our standard security and evaluation process to assess their entire infrastructure.
- Then, we created and executed an aggressive plan to implement all the recommendations from our evaluation tools.
- We engaged with the vendor and mapped the internal accomplishments into their product.
Challenges Encountered and Solved:
- Working within a short deadline proved challenging, but we took the client on board and committed to working whatever hours were needed to meet the objectives.
- We had to come up with a way to rapidly assist with the overall approach to compliance and to use AI and automation.
The Final Outcome
- We successfully managed and assisted the client in getting SOC2 certified.
- We implemented AI-based RPA tools to help automate services and components so that compliance and certification could be achieved quickly.
- Finally, we were able to incorporate CCPA, ISO, GDPR, NIST, HIPAA, FEDRAMP-M, and SOC 2 into an overall structure to assist with multiple compliance requirements.