
codemantra’s Product Engineering, Content Solutions and Full-Service Content Production are now SOC2 Type 1 audited.

Service Organization Controls (SOC) reports are designed to help service organizations that provide services to other entities build trust and confidence in the services performed and the controls related to those services through a report by an independent CPA. Each type of SOC report is designed to help service organizations meet specific user needs.

For instance, Type 1 is a report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description as of a specified date.

With close to 20 years’ experience in the publishing industry, codemantra is an agile engineering and technology-driven content services company. Infrastructure, software, people, procedures, and data are components of the system used to provide the aforementioned services. The controls implemented in codemantra cover security, processing integrity, availability, and confidentiality, and also fulfill the requirements of IT Act 2000 Section 43 and Amendment 2008 Section 43A, highlighting cybersecurity requirements such as computer operations, computer systems, or computer networks.

Organization & Management

A documented organizational chart is in place to communicate organizational structures, lines of reporting, and areas of authority. Roles and responsibilities are well-defined. Job descriptions are reviewed by the management annually. Job requirements are documented in the job descriptions, and candidates’ abilities to meet these requirements are evaluated.

Communications

System descriptions are communicated to authorized external users via service level agreement (SLA). codemantra’s security, availability, confidentiality, and processing integrity commitments regarding the system are included in the master subscription agreement (MSA).

Risk Management & Design and Implementation of Controls

codemantra identifies risks impeding the achievement of its objectives across the entity and analyzes these risks to determine how they should be managed. The entity then selects and develops control activities that contribute to the mitigation of those risks, thereby resulting in the achievement of objectives to acceptable levels.

Monitoring of Controls

The entity selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.

Logical & Physical Access Controls

codemantra implements logical access security software, infrastructure, and architectures over protected information assets to protect them from security events to meet the entity’s objectives.

System Operations

codemantra monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity’s ability to meet its objectives.

Change Management

codemantra authorizes, designs, develops or acquires, configures, documents, tests, approves, and implements changes to infrastructure, data, software, and procedures to meet its objectives.

Additional Controls

The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control.

Availability

codemantra maintains, monitors, and evaluates current processing capacity and use of system components (infrastructure, data, and software) to manage capacity demand and to enable the implementation of additional capacity.

Confidentiality

codemantra identifies and maintains confidential information to meet the entity’s objectives related to confidentiality.

Processing Integrity

codemantra implements policies and procedures over system processing to result in products, services, and reporting.

codemantra designed its user entity controls with the assumption that certain controls will be the responsibility of its customers.

Security, Availability, Confidentiality and Processing Integrity Principles, Related Criteria and Controls Overview

Security Principle

The system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.

Availability Principle

The system is available for operation and use to meet codemantra’s commitments and system requirements.

Confidentiality Principle

Information designated as confidential is protected to meet codemantra’s commitments and system requirements.

Processing Integrity Principle

System processing is complete, valid, accurate, timely, and authorized to meet codemantra’s commitments and system requirements.

“codemantra, as of February 29, 2020” based on the criteria set forth in the AICPA Guide Reporting on Controls at a Service Organization’s system in a SOC 2 Report (Description Criteria) and the suitability of the design of controls described therein to meet the criteria for Security, Availability, Confidentiality, and Processing Integrity principles set forth in TSP section 100A – 2017.
