The PCI DSS requires that an organization have configuration standards for devices that make up their infrastructure such as firewalls, routers, load balancers, switches and servers.  That includes devices that exist virtually as well as those that exist physically.

The impacts of COVID-19 may have caused your company to change up processes and work outside of what is normal operations.  Below are some best practices to consider in getting back to “normal” for the current and future SOC reporting periods.

The impact of COVID-19 has meant making quite a few changes in a rapid fashion to help ensure business continuity. As you work to continue to serve your clients while also supporting a mostly remote workforce, you may have lost focus on the operation of your internal controls.

New types of incidents are occurring all the time as cyber criminals continue to evolve. The question is, are you continuing to evolve and prepare for these incidents?

A common reason that a service organization may request that the privacy trust service category be covered in its SOC 2® examination, when it may not really be necessary, is related to a misconception of what privacy within the context of the SOC 2® examination actually covers.

As business as usual changes, it is important to educate and reinforce security awareness training among employees and introduce them to new security considerations in a work from home environment.