DefenseStorm, a leading cloud-based cybersecurity and cybercompliance management provider to regional and community banks and credit unions, successfully completed a System and Organization Controls (SOC) 2® Type II Audit examination for their security data platform in August 2019. DefenseStorm retained international business advisory firm Skoda Minotti for its SOC 2® audit work. DefenseStorm selected Skoda Minotti after an intensive search based on their reputation as a leading risk advisory and compliance firm.
Ben Osbrach, CISSP, CISA, QSA, CICP, CCSFP, partner-in-charge of Skoda Minotti’s risk advisory group says, “We were excited to work with DefenseStorm from the very start. They are an intriguing organization delivering high quality services and their business adds to our growing SOC reporting practice.”
SOC 2® engagements are performed in accordance with the American Institute of Certified Public Accountants’ (AICPA) AT-C 205, Reporting on Controls at a Service Organization and based on the trust service principles outlined in the AICPA Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy. The SOC 2® Type II report is performed by an independent auditing firm and is intended to provide an understanding of the service organization’s suitability of the design and operating effectiveness of its internal controls. A service organization may select any or all of the trust service principles applicable to their business and DefenseStorm chose to report on security, availability, processing integrity, and confidentiality. The successful completion of this voluntary engagement illustrates DefenseStorm’s ongoing commitment to create and maintain a secure operating environment for their clients’ confidential data.
Skoda Minotti’s testing of DefenseStorm’s controls included examination of their policies and procedures regarding network connectivity, firewall configurations, systems development life cycle, computer operations, logical access, data transmission, backup and disaster recovery, and other critical operational areas of their business. Upon completion of the audit, DefenseStorm received a Service Auditor’s Report with an unqualified opinion demonstrating that their policies, procedures, and infrastructure meet or exceed the stringent SOC 2® criteria.
“The successful completion of our SOC 2® Type II examination audit provides DefenseStorm’s clients with the assurance that the controls and safeguards we employ to protect and secure their data are in line industry standards and best practices,” said DJ Landreneau, Chief Customer Officer.
About DefenseStorm
DefenseStorm provides cybersecurity and cybercompliance solutions specifically built for banking to achieve and maintain Cyber Safety & Soundness. The DefenseStorm GRID™ is the only co-managed, cloud-based and compliance-automated solution of its kind, operating as a technology system and as a service supported by experts in FI security and compliance. It watches everything on a bank or credit union’s network and matches it to defined policies for real time, complete and proactive cyber exposure readiness, keeping security teams smart and executives accountable. FFIEC CAT and ACET requirements are built-in and automated, as can be other frameworks and an FI’s own policies, to achieve Active Compliance™. A Threat Ready Active Compliance (TRAC) Team™ augments a bank or credit union’s internal team to protect business continuity and skills availability while also ensuring cost-effective coverage and management. DefenseStorm is a NAFCU Services Preferred Partner for cloud-based cybersecurity. www.DefenseStorm.com
About Skoda Minotti
Skoda Minotti is a Certified Public Accounting Firm based in Cleveland, OH offering a variety of tax, finance, and business advisory services in virtually every area of business. The Risk Advisory practice specializes in SOC Reporting, PCI DSS Compliance, FISMA, NIST, and other regulatory information security assessments. Staff in Skoda Minotti’s Risk Advisory hold several industry certifications including Certified Information Systems Auditor (CISSA), Certified Information Systems Security Professional (CISSP), Qualified Security Assessor (QSA), GIAC Penetration Tester (GPEN), and GIAC Web Application Penetration Tester (GWAPT). For more information about Skoda Minotti’s Risk Advisory Services, please visit skodaminotti.com/risk
View source version on businesswire.com: https://www.businesswire.com/news/home/20191114005518/en/