Florida agencies, such as the Florida Highway Safety and Motor Vehicles (FLHSMV), are concerned that their partners have the appropriate internal controls in place to ensure that data is protected from unauthorized access, distribution, use, modification, and/or disclosure. To ensure that these standards are being met, state agencies and vendors must submit an Internal Control and Data Security Audit from a currently licensed Certified Public Accountant.
An Internal Control and Data Security Audit is required to demonstrate compliance with the Florida Cybersecurity Standards (FCS), Rules 60GG-2.001 through 60GG-2.006, Florida Administrative Code (F.A.C.) These standards incorporate guidance from the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, and the Federal Information Security Management Act of 2002 (FISMA) (44 U.S.C. S3541, et seq.).
To satisfy these requirements, companies should consider a SOC 2 report with a mapping to the Florida Cybersecurity Standards, to ensure all aspects of the FCS are addressed.
“We engaged Auditwerx for a SOC 2 audit of our fast growing cloud-based security service. The audit itself was thorough, but non-disruptive. The audit team was highly professional and very knowledgeable. We recommend Auditwerx’s SOC 2 services without reservation.”
A SOC 1 report could help demonstrate the IT general controls and business process controls in place to achieve control objective statements.