ABOUT OUR GUIDES

Best Practices Series AssuranceLab’s Guides

Our Best Practices Series is about finding harmony between your compliance goals and fit-for-purpose business practices. Meeting the requirements of industry standards while achieving real operational benefits.

We explore why the ‘best practices’ are important, and how you can implement the right approach for your unique business, culture, and context.

contact us book a call
alab-why-us-team-working-together-1
3

PROCESS-LIGHT COMPLIANCE

Can you be agile and compliant?

As the leading provider of SOC 2 reports to SMB SaaS businesses in Asia-Pacific, we get a lot of questions about how to achieve InfoSec compliance in a ‘process-light’ or ‘fit-for-purpose’ way.

Can you achieve SOC 2 and other standards without being ‘process-heavy’ and over-burdening your business with ‘compliance’?

read more

PART O1

Control environment

The control environment supports the broad business objectives through people, governance and
management activities.

SOC 2 Code of Conduct

Code of Conduct

This little 'compliance' document can resolve some tricky situations, and even enable your desired culture.

READ MORE 

2. Talent Management

Talent Management

Finding, developing and retaining talent in your people investment to achieve your business objectives.

 

46a561_a59fb7db5f0646c6aad5efd96bbf464b_mv2

Employee Onboarding

Starting your employees off on the right foot, aligning to your culture, objectives, and clarity of expectations.

 

SOC 2 Policies

Policies

The policies set out the requirements of each key functional area to provide clarity
and accountability.

READ MORE 

SOC 2 Management Meetings

Management Meetings

Management meetings provide the governance of your organisation. There's three layers to consider.

READ MORE 

10. Governance Meeting

Governance

The policies set out the requirements of each key functional area to provide clarity
and accountability.

READ MORE 

PART O2.1

Information & communication

Collecting and using the right information to effectively manage your operational practices and
communicate with internal and external stakeholders.

Checklist robots

I&C Checklist

There's a broad range of practices that lay the foundation for effective information
and communication.

 

SOC 2 Customer Communications

Customer Comms

Effective communication is a necessity to building long term users, but also improving security outcomes.

READ MORE 

SOC 2 System Boundaries

System Boundaries

The system boundaries identify and communicate where responsibility shifts to your customers and vendors.

READ MORE 

PART O2.2

Risk management & internal controls

Defined processes and practices for identification, assessment and response to risks that threaten
your objectives, and your controls to manage those risks.

SOC 2 Vendor Management

Vendor Management

The basic processes to manage third-party providers protects your business and customers interests.

READ MORE 

SOC 2 Risk Management

Risk Management

A defined approach to your risk management transforms this intuitive practice into an enabler of your success.

READ MORE 

SOC 2 Control Framework

Control Framework

The control framework puts formal ownership and monitoring in place to achieve effective control practices.

READ MORE 

PART O3

System security

System security covers the technical security protections and surrounding processes to ensure
access to sensitive data is limited to the right people.

SOC 2 Perimeter Security

Perimeter Security

Defining and protecting the boundary of your security and ensuring your information assets are protected.

READ MORE 

SOC 2 Access Control

Access Control

Managing internal and external users to
your systems to limit access to
authorised personnel.

READ MORE 

SOC 2 Acceptable Use Policy

Acceptable Use Policy

Setting out the role of all your employees to protect the security of your systems and customers data.

READ MORE 

PART O4

Data protection

Defined processes and practices for identification, assessment and response to risks that threaten
your objectives, and your controls to manage those risks.

Security Complete View

Confidentiality

Classifying and handling data in a way that is appropriate to the nature and sensitivity of that data.

READ MORE 

9. Privacy

Privacy

Recognising and responding to individual preferences and sensitivities of personal data that is collected and used.

 

4. (Green) Data Management

Data Management

Managing critical data to ensure it is available, accurate and appropriate to support the system objectives.

 

PART O5

System operations

System Operations monitors and manages the systems to ensure continuity of services and
effective response to adverse events.

Availability

Availability

Ensuring your service operates continuously with redundancy, backups and response plans.

 

3. Business continuity

Business Continuity

Planning for major adverse events that threaten the continuity of your services
and operations.

READ MORE 

Image-4-Incident-management-process-(1200x926px)

Incidents

Defined processes and steps to identify, classify, respond to and resolve unplanned adverse events.

 

PART O6

Change management

Change management is ensuring the integrity of your systems through controlled software
development and infrastructure configuration practices.

SOC 2 Change Priorities

The Change Backlog

Managing change priorities and requirements to achieve a balance of short and long term business objectives.

READ MORE 

SOC 2 Software Changes

Software Changes

The Software Development Lifecycle is a series of process elements to manage
changes effectively.

READ MORE 

User Communications

Change Comms

Release communications ensure change impacts are understood to protect your users information security.

READ MORE