A SOC's primary objective is to identify strengths and weaknesses, determine areas for improvement, and make recommendations for enhancing overall performance. A process audit involves the examination and evaluation of processes, procedures, and workflows within an organization.
A SOC or SOC2 audit is time- and resource-consuming. People, processes, systems, policy and computer resources are all involved in an audit. One might ask, why is it so time-consuming when all our information is computer based? The answer is simple and complex: we never expected to be so reliant on computers, and we never foresaw the impact of, and need for, privacy and security as an important part of a digital revolution.
The first general-purpose electronic computer dates to 1946. One of the first websites was published, running on the development NeXT cube, on December 20, 1990. The goal was to be faster, easier and less costly. These goals have been reached at the cost of reliability, privacy and security.
We have learned a lot about software, hardware and networks, such as that all software and hardware has errors, which makes reliability, privacy and security critical to a system's success.
We are now spending millions of dollars to find errors in hardware, software, networks, systems and processes. IT WOULD BE NICE IF THE INDUSTRY HAD PLANNED AUTOMATION TO DETECT, FIND AND MITIGATE ERRORS!
NEW WAY - Systems Automation
Hardware, software and networks provide clues, hints and evidence related to problems. Log files, inventories, system flags and errors provide information. The problem is that there is a lot of information, it is not usually monitored in real time, and its effects are not known at a system level.
Computing has moved from simple stand-alone implementations to complex distributed and mesh networks with complex relationships, data management and security needs.
The complexity of information management increases daily as do the costs associated with creating and supporting a computing infrastructure.
SysAuditor simplifies the data collection, management and analysis of hardware, systems processes and operations by automating data collection, amalgamation and analysis. SysAuditor assumes that all the information needed to capture issues and identify problems is held in the hardware, software and network connectivity of a computing environment. By proactively collecting and analysing the information held within a computing environment, we proactively mitigate risk.
This is a list of issues resolvable using SysAuditor:
Identify unauthorized software use.
Create a complete inventory of all software in use.
Match license compliance with hardware and software in use.
Asset evaluations based on a comparison of current or real-time inventory with expected inventory.
Complete real-time audit in the event of loss.
Identification of outdated hardware and software.
Vulnerability detection of hardware and software in operation.
Life cycle management - end of life or support.
VM monitoring: inventory and operations monitoring.
Enriched logging with event or action linkages.
Links hardware and software supply chains into inventory operations.
Readiness Assessment: Provides information to evaluate environment readiness.
Risk Assessment: Inventory provides information associated with known and potentially vulnerable software and hardware.
Penetration Testing: Process and system information related to testing is provided in real time.
Compliance Preparation: Software, hardware and policy compliance information is provided.
Formal Audit: SysAuditor information and history can be included in the formal audit.
Annual Maintenance: Life cycle monitoring and event capture is included in event information.