Anyone who has been through a SOC 2 audit knows how much time and information goes into completion.
With Resolver, David and his team are able to manage their entire SOC 2 process in one solution. “When you look at how the audit process for SOC 2 follows the COSO principles, you realize how many controls that you need to define and manage. I couldn’t imagine doing this without a tool like Resolver. We’ve been able to easily extract controls and go back and forth with our auditors and then push the controls and any needed updates out to the organization. This is not only a huge time-saver but makes it so easy for us to implement and manage controls.”
Lone Wolf has been able to simplify the audit process for stakeholders across the organization.
“A real game-changer is how we’ve been able to effectively organize the audit in areas that are specific to each of the respective control owners. Each control owner has their own view allowing them to focus on items specific to their area. It allows them to get their work done quickly and accurately. It eliminates confusion and makes the process much more streamlined. Resolver sends request notifications to control owners and will follow up with reminders when necessary. At the start of the audit process, auditors are granted access to Resolver where they can review each control with attachments containing supporting evidence submitted by the control owner. The security team, control owners and auditors are also able to communicate within Resolver sharing comments or requests for additional information at the control level. Previous audits are archived and can be reviewed when necessary.”
Since using Resolver’s IT Risk & Compliance applications, hosted on the AWS platform, they saw a gap in their Vendor Risk Management process and implemented Resolver to ensure that their entire audit process was in one place. “Our goal is to make the audit process as seamless as possible for both ourselves and external auditors, by keeping all of our information in one place that is easily accessible.”
David and his team are confident using Resolver for their SOC 2 audit process. “Moving forward, certifications will be much easier. When starting a new audit cycle, controls will be carried over from the previous assessment allowing control owners the ability to upload fresh evidence for the new audit cycle. All of the information will already be there, and we’ll only have to validate and review. This means that we can gain our certification with confidence and provide assurance to our customers.”
Resolver’s Information Security Management solution automates IT risk and compliance processes to reduce cost, resources and effort required to effectively manage cybersecurity programs, provide risk oversight to executives and the board and achieve IT certifications such as SOC 2, ISO 27001 and others.