SOC Assessment report deliverable for a customer
#1
I am conducting a SOC assessment for a customer and SOC-CMM is a great help in asking the right questions. Do you have any report/deliverable templates that I can use to craft a report?
Reply
#2
I do not have a template for such a report, but I can give you an outline:

1. Management summary. Always start with this.
2. Background. Provide the assessment background. A bit of information on the company profile, its current SOC outline, the reason for doing an assessment (goals), and the ambitions of the SOC. The ambitions can be used to define the target maturity level.
3. Methodology. How was the assessment conducted? e.g. time spent, methods for gathering of information, methods for analysis, models, additional information, etc.
4. Results. Provide the high-level results of the assessment. It helps to provide these results per domain to structure this chapter.
5. Recommendations. The results provide information about the strengths and weaknesses of the SOC. This part looks at the results, finds underlying causes and provides recommendations on how to proceed. This can be detailed (e.g. create or modify the existing chapter to include several aspects) or more high-level (the span of control of the manager is too big, consider appointing team leads) or generic (documentation is missing or insufficient across the board)
6. Summary and conclusion. Summarize your findings and provide your overall conclusion.
7. Annex: detailed results from the assessment (sheets provided separately). You can also create a table mapping the findings to the recommendations and providing a score to prioritize these efforts. This score can be used to create a roadmap for improvement: tackle the items with highest priority first, and the items that these high-priority findings depend on (even if those have a lower priority). The roadmap can be part of the assessment, but it depends on the scoping of the assignment.

Note: also mention things that are going well. Assessors / auditors sometimes have a tendency to only focus on things that are not going well, which can give a much more negative impression than is actually the case.
Reply

