+- SOC-CMM forum (https://www.soc-cmm.com/forum)
+-- Forum: SOC-CMM (https://www.soc-cmm.com/forum/forumdisplay.php?fid=1)
+--- Forum: SOC-CMM development (https://www.soc-cmm.com/forum/forumdisplay.php?fid=4)
+--- Thread: Which extension should be done to the business domain? (/showthread.php?tid=3)
Which extension should be done to the business domain? - robvanos - 02-20-2019
The SOC-CMM survey has indicated that some users are looking for additions to the SOC-CMM business domain. Which additions should be considered?
RE: Which extension should be done to the business domain? - darren.bnm - 04-10-2019
Probably 2.2.9 - Human Resource
Remarks - Disciplinary review of web accesses habits or other employee system reviews that are legally allowed such as in the case of harassment
RE: Which extension should be done to the business domain? - robvanos - 04-10-2019
Agreed! Web access habits could be a compliance issue as well, so I suppose the compliance department is also a potential customer. That's probably true for all departments concerned with policy violations.
I hadn't considered harassment yet, but of course if it contains a digital component forensic analysis or monitoring could be called upon. I'll add this to the next release of the SOC-CMM.
RE: Which extension should be done to the business domain? - ashirvadrai@gmail.com - 04-12-2020
Compliance, Data Privacy and Data Ownership are areas that impact a SOC team operationally as part of incident response process. Cohesion and effective involvement of Data Protection officers/function in SOC process is important. Please see if you can cover this as an area of extension of Business Domain.