NDB is a leading provider of SOC 2 audits for Texas service organizations operating in the Amazon AWS cloud environment.
Texas’ Leading Provider of SOC 2 Reports for Amazon AWS Cloud Environments
It’s no secret that more and more businesses are migrating to the cloud – primarily to Amazon AWS, Microsoft Azure, and the Google Cloud Platform (GCP). It’s also no secret that tens of thousands of these businesses, which we call “service organizations” in the world of regulatory compliance, will need to have an annual SOC 2 audit performed.
NDB is Texas’ leading provider of fixed-fee SOC 2 audit services for service organizations operating in the Amazon AWS cloud. We also offer SOC 2 audits for service organizations operating in Microsoft Azure and the Google Cloud Platform (GCP). Wherever you’re located in the Lone Star State – Austin, Dallas, Houston, San Antonio, and other surrounding areas – NDB offers the following SOC 2 services to Texas businesses using Amazon AWS:
Scoping & Readiness Assessments: New to the SOC 2 auditing process? Then consider undertaking a SOC 2 scoping & readiness assessment to help you properly scope, plan, remediate, and execute your audit with a high degree of efficiency and cost-effectiveness. Why a scoping & readiness assessment? Simple: you need to know exactly what your business is getting into in terms of compliance. Specifically, what are the actual scoping boundaries? What controls require remediation? What personnel are going to be involved in the overall audit process? Answering these questions is just one example of the benefits of a SOC 2 scoping & readiness assessment.
Internal Control Remediation: The vast majority of businesses seeking SOC 2 compliance have two core challenges in terms of audit remediation. First, their documentation is weak – often missing, antiquated, or poorly written – and needs updating. Second, technical and security controls need to be strengthened and re-configured. Both of these initiatives can take time and money, which is why NDB offers proven services and solutions for helping businesses become SOC 2 compliant.
Type 1 and Type 2 Reporting: Businesses operating in the Amazon AWS cloud can benefit from NDB’s SOC 2 Type 1 and SOC 2 Type 2 reporting options. While a SOC 2 Type 1 report is issued for a “point in time”, such as January 31, 20xx, a SOC 2 Type 2 report is issued for a “test period”, such as January 1, 20xx to June 30, 20xx. Ultimately, you’ll want to migrate to annual SOC 2 Type 2 reports, as this is what the compliance market demands and expects. Why? Because SOC 2 Type 2 reports clearly illustrate the maturity – or lack thereof – of one’s control environment over a prescribed period, and not just at a point in time (as in a SOC 2 Type 1 audit report).
Continuous Compliance Reporting: Congratulations on becoming SOC 2 compliant, but now the real fun begins, in that you’ll need to put in place comprehensive initiatives for “maintaining” compliance. Long after the auditors are gone and your SOC 2 report has been issued, you’ll need a standardized methodology for ensuring your internal controls are operating effectively. NDB can help. How? By offering industry-leading “Continuous Compliance” initiatives for assessing and enhancing – as needed – your policies, procedures, and related processes. We’ve been helping businesses all throughout Austin, Dallas, and Houston with such initiatives.
Additional Complimentary Services: Many of the tools needed for security, governance, and compliance reporting for SOC 2 audits of AWS environments are available from AWS themselves. The challenge, however, is finding an expert to help assess, deploy, configure, and monitor those tools, and that’s what NDB offers. We’ve been working with AWS customers for years, helping them build, deploy, and architect their solutions, resulting in rapid deployment in terms of auditing requirements. From audit trails/audit logging to File Integrity Monitoring, access control – and more – we know AWS inside and out.
Amazon AWS Architecture Overview
The AWS Cloud provides a broad set of infrastructure services, which include computing power, storage options, networking and databases – all delivered as a utility: on-demand, available in seconds, with pay-as-you-go pricing. From data warehousing to deployment tools, directories to content delivery, over 100 AWS services are available. Additionally, new services can be provisioned very quickly, without heavy upfront capital expenses and related costs. Ultimately, this allows a wide range of organizations, such as start-ups, small and medium-sized businesses, and customers in the public sector, to access the resources they need to respond quickly to changing business requirements.
A Massive – and Growing – Customer Base
AWS has a massive active customer base in more than 200 countries, and they’re rapidly expanding their infrastructure to help customers achieve lower latency and higher throughput, ultimately ensuring that their data resides only in the region they specify. Therefore, as customers grow their businesses, AWS will continue to provide infrastructure that meets their global requirements.
Understanding Regions and Availability Zones
The AWS Cloud infrastructure is built around Regions and Availability Zones (AZs). A Region is a physical location in the world where AWS has multiple AZs. AZs consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. These AZs offer you the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center. The AWS Cloud operates 42 AZs within 16 geographic Regions around the world, with five more Availability Zones and two more Regions coming online in 2017.
Each Amazon Region is specifically designed to be completely isolated from other Amazon Regions, which allows for the greatest possible fault tolerance and stability. While each AZ is isolated, the AZs in a Region are connected through low-latency links. AWS provides customers with the flexibility to place instances and store data within multiple geographic Regions as well as across multiple Availability Zones within each Region. Each Availability Zone is designed as an independent failure zone.
Physical Separation for Superior Uptime
This means that Availability Zones are physically separated within a typical metropolitan region and are located in lower risk flood plains (specific flood zone categorization varies by Region, etc.). In addition to having discrete uninterruptible power supply (UPS) and onsite backup generation facilities, they are each fed through different grids from independent utilities to further reduce single points of failure. AZs are all redundantly connected to multiple tier-1 transit providers, which is essential for overall redundancy and the ability to deliver services to customers without interruption.
Why NDB for SOC 2 Services for AWS Cloud Environments
Because we’ve been working in the cloud since long before other auditing and compliance firms even began to take note of it. We’ve successfully audited clients all throughout the country – and around the globe – for SOC 2 compliance for customers using the AWS cloud. NDB offers a superior range of services for SOC 2 auditing in the cloud, from scoping & readiness assessments to final issuance of SOC 2 Type 1 and SOC 2 Type 2 reports, and more. NDB is the go-to firm.