Securing company operations, data, and resiliency
The technology-centric world we live in today presents many challenges. Data and information are everywhere, from our voice assistants to our streaming services. It’s the responsibility of service providers to keep these environments secure. This isn’t a new concept; privacy concerns and security measures have been around for a long time.
So, how can a company protect its service and clients’ data while also demonstrating this to the wider world and its customers?
Two common answers are SOC and ISO 27001.
Both SOC and ISO 27001 are ways to prove that a company takes security seriously. They both show that a company has looked at its risks and taken steps to address them. SOC is common in the USA and involves an auditor checking a company’s controls at a specific point in time. ISO 27001 is an ongoing certification with regular check-ins to make sure the company’s security management system is always up to par.
Which is better?
Neither is necessarily better than the other; it depends on what’s right for the company.
At Pulsate, we chose to get ISO 27001 certification. This means we have regular internal and external audits that look at different aspects of our security every six months. We see this as a complete way to keep the company secure and help us grow responsibly.
Holistic approach
The ISO 27001 standard covers many areas, which means that if we make a change in one area, it might affect another. We implement security controls in layers to make sure we’re resilient to changes and can provide better service to our clients.
People first
Our biggest asset to security is our people: staff, vendors, and customers. Our staff receives training from the start so they know what’s expected with ISO 27001. We aim to create a culture where people feel comfortable asking questions, understand their responsibility to keep data safe, and know they can grow with the company. This thinking goes into everything we do.
Compliance across the waters
Part of our approach to security is looking at compliance across the board. We’ve built our system to not only meet our own requirements but also to be aware of our customers’ requirements. With headquarters in Ireland and business in the US, this can be tricky, but it’s worth it.
Fail to prepare, prepare to fail
A big part of security is being prepared. Our plan is to continuously find ways to simplify, automate, improve, and react. Good communication between teams means we can quickly identify areas that need work. This helps us adapt to change and minimize problems.
But X is better than Y, right?
Some people prefer ISO 27001 because it’s a more robust set of controls that cover all aspects of the company’s security. Some people prefer SOC because it’s a more direct review at a specific time.
In simple terms, ISO 27001 is a document that requires a company to look at its industry and evaluate its risks. It then asks the company to minimize those risks using a set of 93 controls. SOC has similar concepts, but it uses 5 categories and 13 criteria to assess a company’s security.
Infosec FAQs
- Is Pulsate SOC compliant? We meet the requirements of SOC in our security management system.
- Is Pulsate looking to do SOC? Currently, our system covers the criteria of SOC, and the ongoing audits of ISO 27001 are similar to SOC.
- Can I see X policy? Our external policies are provided in our due diligence package. We don’t share internal policies or procedures as a general rule.
Want to know more about how Pulsate’s infosec policy compares to others? Reach out to Pulsate’s in-house expert, Ross!