Effective URL: https://finativ.co.uk/articles/understanding-iso-27001-and-soc-2-as-pillars-of-global-data-security/
January 2, 2024


UNDERSTANDING ISO 27001 AND SOC 2 AS PILLARS OF GLOBAL DATA SECURITY

George Bernard Shaw was quoted in 1942 as saying, "England and America are two
countries separated by the same language." Much the same can be said about
standards.

The International Standards Organisation (ISO) created ISO 216, an international
standard for paper sizes, used around the world except in North America and
parts of Latin America. The standard defines the "A", "B", and "C" series of
paper sizes, including A4, the most commonly available paper size worldwide.
Anyone who has worked in printing or print technology will know the frustration
of creating systems that meet two standards.

Paper is not the only place where American exceptionalism (or, for the
historically minded, its 'manifest destiny') can cause problems. ISO 27001
provides a framework for how organisations should manage their data and provides
a framework and guidelines for establishing, implementing, and managing an
information security management system.

In the USA, SOC 2 is the preferred standard. Developed by the American Institute
of CPAs (AICPA), SOC 2 (Systems and Organisation Controls) requirements indicate
that an organisation maintains a high level of information security. Strict
compliance requirements (tested through on-site audits) help ensure sensitive
information is handled responsibly.

There are several key differences between ISO 27001 and SOC 2, but the main
difference is in scope. ISO 27001 provides a framework for how organisations
should manage their data and prove they have an entire working information
security management system (ISMS) in place.

In contrast, SOC 2 focuses more narrowly on proving that an organisation has
implemented essential data security controls. ISO 27001 is about developing and
maintaining an ISMS, while SOC 2 audits the current security controls.

ISO 27001, therefore, requires more extensive compliance measures to achieve
certification.

ISO 27001 is a formal international security certification standard, and SOC 2
is a set of audit reports performed by an independent Certified Public
Accountant (CPA) or accountancy organisation.

Unlike SOC 2, ISO 27001 certification uses universal standards for every
industry and geographic location. SOC 2, by contrast, is more flexible and can
be customised to the specific organisation based on individual industry
standards and needs.

The result of a SOC 2 audit is an attestation report confirming an organisation
meets SOC 2 standards. SOC 2 is not a certification.

There is a very considerable crossover between the two standards, and in many
cases, they are interchangeable. But for firms working in the US, especially
those working with public bodies and large corporations, it may be necessary to
have both systems in place.

If you want to discuss this further, please contact Mark Stoddart at
mark.stoddart@finativ.co.uk
