This blog is the second in a series covering the benefits of adding a SOC report to your annual PCI audit (or vice versa). Catch up on the first blog here.

When deciding whether to move forward with a combined PCI DSS and SOC 2 reporting process, keep the following points in mind to maximize the value you receive.

Measure twice, cut once

The carpenter’s motto “measure twice, cut once” applies to these projects. Don’t short-circuit the planning phase. It’s much better to be well organized at the beginning so that the ensuing weeks unfold rapidly with everyone on the same page. There are many opportunities to line up existing data security projects, such as your PCI DSS, SOC 2, HIPAA, and penetration testing efforts, and perform them concurrently.

Save time by sharing evidence once with your PCI DSS and SOC service providers

Your PCI DSS and SOC work can be performed simultaneously to save your team time and money. By planning the PCI DSS and SOC 2 engagements together in advance, the evidence request lists can be consolidated, and the planning, interview, status, and closing meetings can all be held concurrently. This yields more output from the same number of meetings and saves substantial time compared with completing one audit and then starting the other.

Receive a quote for both PCI DSS and SOC 2 at the beginning

You have every right to know the cost of the project from the beginning. Experienced providers will know in advance how much to charge and won’t treat your project as an exploratory mission.

Hire experienced providers

Making sure that your PCI DSS and SOC 2 providers have done this before will save you time and energy as you go through the process. They will have seen several solutions to your challenges and can offer you choices, so that your control processes are optimized to meet your needs effectively and efficiently.

Choose a provider that has collaborated with others

If you are working with both a cybersecurity firm and a CPA firm, you want to know that they have an established relationship and workflow. Ask whether they have jointly delivered these types of projects in the past, whether they know the best ways to share evidence and reduce your overall level of effort, and whether they deliver what they promise.


Pondurance and Barnes Dennig

Pondurance and Barnes Dennig are two of the leading data security providers in the midwestern United States. We offer comprehensive data security services, including managed security, PCI DSS, and SOC reporting. Contact us here, or call 513-241-8313 to learn more about the services we provide or to get a quote.