CASE STUDY # 5
SOC2 Compliance & Certification
Client Industry: Legal
Client Environment: Microsoft 365 and Azure (Security GRC focused)
The Problem/Opportunity
- The client had multiple issues and concerns confronting them.
- They were concerned about the security and compliance of their environment.
- As a law firm, they had multiple customers demanding that they hold the appropriate security compliance certifications (SOC 2, CCPA, ISO, GDPR, etc.).
- They needed to be certified by a specific date.
The WME Solution
- We not only provided evaluation services but also provided extra IT help so that the current IT team could focus more on security & compliance.
- We created a SharePoint repository for them to store their security policy and documents.
- We automated various services and elements by introducing AI and RPA tools for faster compliance and certifications.
- We organized an encompassing framework using CCPA, ISO, GDPR, NIST, HIPAA, FEDRAMP-M, and SOC 2 to help with different compliance requirements.
Challenges Encountered and Solved:
- The customer’s environment had many problems. There were significant IT issues and short deadlines that depleted their IT resources.
- Working within a short deadline proved challenging, but the customer was willing and ready to work whatever hours were needed to meet the objectives.
- We had to swiftly devise our strategy for enhancing compliance efforts using AI and automation.
The Final Outcome
- We evaluated the client’s whole system using our standard security and scanning process.
- We created and executed an aggressive plan to implement all the recommendations from our evaluation tools.
- We successfully improved the client’s internal compliance scores and helped them prepare for certifications.