Cyber Aware

Get compliant with PCI, HIPAA, GDPR, FedRAMP, SOC 2 by cloud services of AWS, GCP and Azure

This article provides guidance on how to get your business compliant with PCI, HIPAA, GDPR, FedRAMP, and SOC 2 by leveraging the cloud services of AWS, GCP and Azure. Organizations providing IT managed services, software development, software-as-a-service, infrastructure-as-a-service, or platform-as-a-service tend to host their application products in cloud environments. In order to achieve compliance with the PCI, HIPAA, GDPR, FedRAMP, and SOC 2 standards, organizations must implement the controls specified in the SOC 2 Trust Services Principles. These controls include: Security: Organizations must ensure the security of their systems and data, including protection from unauthorized access and malware. [...]

July 20th, 2022 | Categories: SOC 2

SOC 2 Audit Controls and Checklist

The AICPA Assurance Services Executive Committee (ASEC) has developed a set of criteria (trust services criteria) to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity. The following table presents the trust services criteria and the related points of focus. In the table, criteria and related points of focus that come directly from the COSO framework are presented [...]

January 20th, 2022 | Categories: SOC 2

Illustrative Examples for SOC 2 certification

Is your client information and data safe? How will you assure it? These are two very important questions for which you should have very clear answers if you offer IT services to your clients. If you are an IT service organization, you must meet your clients’ high demands for the security of their data. The SOC 2 report provides assurance in the following areas: Infrastructure – physical and virtual resources supporting the IT environment you use to deliver your services; Software – application and system software you use for data processing; People – individuals responsible for service delivery to a client; Data – data [...]

January 16th, 2022 | Categories: SOC 2