Cybersigma Consulting Services
Security Operations Center (SOC) Form
Scoping Questionnaire
SOC 1/SOC 2/SOC 3/SOC4Cyber /ISAE 3000/3402
Personal Information
Name:
Email:
Contact No.
Company Name:
Organisation Information
What is the legal name of your organization?
Name Of Addressee
Title Of Addressee
Address Of Addressee
Has consideration been given to whether the report will be a SOC1 / SOC2 / ISAE 3000/3402 report?
Yes
No
Do you currently hold any security process certifications such as ISO 27001/2, NIST 800-53, etc.?
Yes
No
Would you need a readiness / pre-assessment before doing the report?
Yes
No
A Type I report is only as of a point in time and a Type II report covers a period of time.
Will this be a Type I or a Type II report?
Type I
Type II
Are there any other compliance initiatives that your company wishes to address at this time?
Yes
No
Are there any commitments to your clients to provide the report by a particular date?
Yes
No
What is the scope of the services your organization provides?
If you have any material that describes your services in detail please provide that as well.
Are there any specific industries or clients that the business focuses on?
Yes
No
Are there / will there be any anticipated new services or changes to
existing services during the proposed review period?
Yes
No
Is this a general distribution report or meant for only one specific client?
Yes
No
If SSAE 18 SOC / ISAE, has the company established a preliminary list of control objectives?
Yes
No
How many personnel within your organization perform the services noted above?
If this is a SOC 2 report, which of the following principles would be applicable based on your customers' requirements?
Security
Availability
Confidentiality
Privacy
Processing Integrity
(Normally Security, Availability & Confidentiality are opted for)
What are the location(s) of the personnel under the scope of the audit?
What are the locations of the IT systems / infrastructure under the scope of the audit?
Are there any parts of the processes or controls that are outsourced to a third-party vendor
(also referred to as a sub-service organization in SSAE 16 / SOC 2 / ISAE 3402 terminology)
that should be included within the scope of this review?
If yes, please provide a brief description of the services the subservice organization(s) provide.
Yes
No
Reason
Where is the subservice organization located?
Does the subservice organization have an SSAE 16 or any other independent third-party examinations of their controls performed?
Yes
No
IT Infrastructure
What is the IT infrastructure used to deliver your services? Please specify details such as number of nodes, etc.
Network
Operating System
Database
Application
Number Of Nodes
Are there any anticipated significant changes to the applications or IT systems including
new implementation or significant upgrades to applications / IT systems?
Yes
No
Do you perform programming and development efforts of the production applications?
If yes, please provide a high-level overview of the tools used for
software development / maintenance and any supporting systems used to track the SDLC / change control process.
Yes
No
Overview of tools used
What is the IT infrastructure used to deliver your services? Please specify details such as number of nodes, etc.
On-demand self-service
Broad network access
Resource pooling
Rapid elasticity
Measured service
Which of the following service models do you offer?
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Which of the following deployment models do you offer?
Private cloud
Community cloud
Public cloud
Hybrid cloud