Establishing Compliance with SOC 2 Security Implementation
The Client is a provider of a robo-advisory platform offering financial and non-financial firms the ability to integrate and benefit from the shift in digital wealth. Based in Singapore, they market their services globally. The Client observed an increased need from their clients and prospects for audit reports such as Service Organisation Control (SOC) 2, both to give assurance on the Client's information security controls and to gain competitive advantage in the marketplace.
The project started with a scoping exercise with the Client to understand their needs and requirements for SOC 2 based on their current IT infrastructure.
Pragma then reviewed the Client's IT environment and identified gaps against standards such as MAS TRM and SOC 2, focusing on security, availability, processing integrity, confidentiality and privacy controls in the organisation. We also helped the Client to implement technical solutions such as Tripwire, Sophos, AWS GuardDuty and AWS VPN, and to set up their backup and patch management. Pragma also helped to establish policies and procedures to meet these standards and best practices.
The work we produced helped the Client understand their information security risks and allowed them to mitigate many of these risks through our recommendations and solutions. We also helped to prepare the Client to undertake external audits should they pursue them in the future.