codemantra’s Product Engineering, Content Solutions and Full-Service Content Production are now SOC2 Type 1 audited.
SOC is designed to help service organizations that provide services to other entities build trust and confidence in the service performed, and in the controls related to the services, through a report by an independent CPA. The Service Organization report is designed to help service organizations meet specific user needs.
Type 1 – report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period.
With close to 20 years’ experience in the publishing industry, codemantra is an agile, engineering and technology-driven content services company.
Infrastructure, software, people, procedures and data are components of the system used to provide the services. The controls implemented in codemantra cover security, processing integrity, availability, and confidentiality, and also fulfill the requirements of IT Act 2000 Section 43 and Amendment 2008 Section 43A, highlighting the cyber security requirements such as computer operations, computer systems or computer networks.
Organization & Management
A documented organizational chart is in place to communicate organizational structures, lines of reporting, and areas of authority. Roles and responsibilities are well defined. Job descriptions are reviewed by the management annually. Job requirements are documented in the job descriptions, and candidates’ abilities to meet these requirements are evaluated.
System descriptions are communicated to authorized external users via service level agreement (SLA). codemantra’s security, availability, confidentiality and processing integrity commitments regarding the system are included in the master subscription agreement (MSA).
Risk Management & Design and Implementation of Controls
codemantra identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed. The entity selects and develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels.
Monitoring of Controls
The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
Logical & Physical Access Controls
codemantra implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.
codemantra monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity’s ability to meet its objectives.
codemantra authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.
The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.
codemantra maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity.
codemantra identifies and maintains confidential information to meet the entity’s objectives related to confidentiality.
codemantra implements policies and procedures over system processing to result in products, services, and reporting
codemantra designed its user entity controls with the assumption that certain controls will be the responsibility of its customers.
Security, Availability, Confidentiality and Processing Integrity Principles, Related Criteria and Controls Overview
The system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.
The system is available for operation and use to meet codemantra’s commitments and system requirements.
Information designated as confidential is protected to meet codemantra’s commitments and system requirements.
Processing Integrity Principle
System processing is complete, valid, accurate, timely, and authorized to meet codemantra’s commitments and system requirements.
“codemantra, as of February 29, 2020” based on the criteria set forth in the AICPA Guide Reporting on Controls at a Service Organization’s system in a SOC 2 Report (Description Criteria) and the suitability of the design of controls described therein to meet the criteria for Security, Availability, Confidentiality and Processing Integrity principles set forth in TSP section 100A – 2017.