SOC Accreditation - Remote Audit
A remote audit facility for SOC (Security Operations Centre) Accreditation has been developed to reduce the need for travel and help ensure more timely and effective audits. It provides an alternative to on-site audits and will help meet the increased international demand for SOC Accreditation, without compromising the high CREST standards.
CREST’s detailed and comprehensive SOC Assessment Criteria looks at six key areas of a SOC:
- Organisational Environment
- Customer Requirements
- Technology and Tools
- Event Analysis
- Threat Intelligence & Situational Awareness
- Protecting the SOC
The first stage to accreditation involves completing the application via the CREST Membership Portal, which asks questions about processes, policies and methodologies. The second stage is the detailed audit conducted by a qualified auditor within six months of the application.
The remote audit solution maintains the very high standards of the audit itself and allows the CREST audit team to review documentation, conduct interviews and site tours with the same rigour and attention to detail as an onsite visit.
In advance of the audit, CREST will discuss the process with the organisation’s SOC team to ensure that all SOC criteria are covered and technology requirements are reviewed to delivering an effective audit. The audit will start with a review of documentation and records, observations of processes and methodologies, interviews with the SOC staff and a remote video tour of the SOC environment. All data and evidence will be noted and included in the final audit report, held under a CREST NDA.