ABOUT OUR GUIDES

Best Practices Series AssuranceLab’s Guides

Our Best Practices Series is about finding harmony between your compliance goals and fit-for-purpose business practices: meeting the requirements of industry standards while achieving real operational benefits.

We explore why the ‘best practices’ are important, and how you can implement the right approach for your unique business, culture, and context.


PROCESS-LIGHT COMPLIANCE

Can you be agile and compliant?

As the leading provider of SOC 2 reports to SMB SaaS businesses in Asia-Pacific, we get a lot of questions about how to achieve InfoSec compliance in a ‘process-light’ or ‘fit-for-purpose’ way.

Can you achieve SOC 2 and other standards without being ‘process-heavy’ and over-burdening your business with ‘compliance’?

PART 01

Control environment

The control environment supports the broad business objectives through people, governance and management activities.


Talent Management

Finding, developing and retaining talent in your people investment to achieve your business objectives.



Employee Onboarding

Starting your employees off on the right foot, aligning to your culture, objectives, and clarity of expectations.


PART 02.1

Information & communication

Collecting and using the right information to effectively manage your operational practices and communicate with internal and external stakeholders.


I&C Checklist

There's a broad range of practices that lay the foundation for effective information & communication.



PART 04

Data protection

Defined processes and practices for identification, assessment and response to risks that threaten your objectives, and your controls to manage those risks.


Privacy

Recognising and responding to individual preferences and sensitivities of personal data that is collected and used.



Data Management

Managing critical data to ensure it is available, accurate and appropriate to support the system objectives.


PART 05

System operations

System Operations monitors and manages the systems to ensure continuity of services and effective response to adverse events.


Availability

Ensuring your service operates continuously with redundancy, backups and response plans.



Incidents

Defined processes and steps to identify, classify, respond to and resolve unplanned adverse events.