Reaching SOC 2 goals and future-proofing the company's security program
The Student Loan company uses Ostendio to handle:
- Document management - with all the features of a fully operational Document Management System, the Ostendio platform serves as the central repository and access point for all policies, procedures, contracts, SOPs and any other critical documentation. Workflow powers document approvals acknowledgment processes, allowing Ostendio to track both approvals and acknowledgements across all documents and for all users.
- Asset management - tracking their physical assets as well as ownership and location.
- Employee training - a full Learning Management System allowing for the creation, distribution, and assessment of training.
- Assessments - The Student Loan company used this module to pre-build assessment questionnaires for their chosen regulations and standards while also creating ad-hoc and custom assessments.
- Policy and Procedure Templates - these allowed the Student Loan company to map to many common information security and privacy templates when creating their data security program.
- Risk Management - The Student Loan company uses this module to identify and create mitigation strategies around risk management
After completing basic preparation with the Ostendio Professional Services support team, the Student Loan company was ready to select an audit partner for their SOC 2 audit. Ostendio Auditor Connect makes it easy to find and contract with a specialized auditor who can perform the SOC2 audit using the Ostendio platform. The Student Loan company selected A-LIGN as their audit partner. “The Ostendio Auditor Connect feature is an innovative way for clients and auditors to connect and contract for an audit engagement,” said Michelle Moreno, Ostendio Professional Services Director and ISO.
“Auditor Connect allows clients and auditors to collaborate real-time over documentation that has been provided and avoids time consuming, confusing emails of spreadsheets and word documents."
With both the client and auditor (A-LIGN) using the Ostendio platform, the Student Loan company saved time and money. The Ostendio platform allows both parties to communicate through the platform, sharing the required documents and discussing the policies that are required. This speeds up the audit process and makes completing a SOC 2 audit easier, and more cost effective, for all parties involved. The Student Loan company has successfully completed their first SOC 2 Type II audit and has built a robust data security program. In future years, using the Ostendio platform to complete the audit will be easier as the initial setup with relevant and operationalized documentation is already complete. As the company grows it can continue to use the Ostendio platform for all its data security and risk management needs. The platform maps to over 100 regulations and standards globally making it easy for customers to map their existing compliance documents and evidence to additional standards.