As previously discussed, NCSA’s Advanced Computing Healthcare Enclave is undergoing a SOC 2 examination. This blog series will document our experiences, lessons learned and best practices.

During the initial drafting of our narrative and controls, it quickly became apparent that a SOC 2 examination cannot be limited to security and policy staff. You will not have an accurate narrative of your system and organizational controls without the input, knowledge and experience of the entire organization. To ensure that everyone was on board and providing the information and input we needed, we assigned broad control categories to division heads and/or group leaders as appropriate. Collecting the controls and processes involved both security policy staff and the control group assignees. It also involved the individual staff who were most familiar with the implementation of these controls and processes, and the security staff who ensured that they were properly implemented.

...

In the next post we’ll outline a workflow for how we’ve managed our controls and processes being examined during our SOC 2 Type 2 phase.