    SOC 2 Accelerator: Vanta + Kobalt.io + Prescient Security

    Sold by: Vanta 
    Our SOC 2 bundle provides an optimized end-to-end program for our customers by leveraging the combined expertise of three leading AWS Partners: Kobalt, Prescient, and Vanta. This all-inclusive bundle delivers a world-class solution by combining top-tier advisory and auditing services with an advanced automation Trust Management platform, helping customers achieve an optimized and sustainable SOC 2 program efficiently and effectively.

    Overview

    With Kobalt, Prescient, and Vanta, you get a one-of-a-kind experience that covers every aspect of achieving an optimized SOC 2 program for your business. You get the best of all worlds:

    Trust Management Platform with Vanta: Vanta goes beyond checklists and point-in-time audits with continuous monitoring that keeps you secure and compliant at all times. If issues arise, you can receive alerts and guidance via email and Slack or use Vanta's task-tracker integrations to stay on top of fixes. Vanta unifies security program management by bringing together key compliance and security workflows, like access reviews, vendor risk management, and more, saving you time and giving you better contextual insight for prioritizing and managing risk.

    Advisory with Kobalt: Vanta’s leading services partner will provide you with a dedicated security squad consisting of a named vCISO, GRC analyst and program management to ensure project success and audit readiness.

    • Defining the scope of your SOC 2 certification by properly guiding the creation of your System Description and selection of appropriate Trust Services Criteria
    • Support on Vanta configuration: setting up integrations across client tech stack, mapping controls, creating personnel groups and checklists, and deploying and utilizing Vanta agents
    • Policy creation, adapting Vanta policies to the specifics of the business so they are suitable for compliance and align to business operations
    • Reviewing, organizing and assigning ownership of key technical tests for the customer, covering items such as change management and version control
    • Support on required documentation: evidence requirements, providing templates as needed
    • Conducting risk assessments, building risk registers and remediation plans, and completing vendor risk assessments
    • Access management and review guidance
    • Building your incident response plan and conducting tabletop exercises
    • Optional black box, grey box or white box penetration testing of your AWS cloud stack, web application, mobile application and other infrastructure
    • Optional extended services including 7x24 managed threat detection and monitoring of your AWS cloud stack, phish testing and privacy support

    Attestation with Prescient: Prescient Security is the leader in audit and attestation services for B2B SaaS companies globally. Prescient has crafted an integrated SOC 2 audit service with Vanta and Kobalt, as follows:

    • Perform a Mock Audit / Gap Analysis on Vanta to make sure the client is SOC 2 audit ready for Type 1 after Kobalt prepares the client on design and implementation of suitable controls.
    • Help with updating the system description required for the final SOC 2 report, leveraging the automated system description on Vanta.
    • Perform Type 1 Test procedures and SOC 2 Type 1 report preparation leveraging evidence data pulled via Vanta auditor API or auditor dashboard
    • Monitoring of controls over Type 2 audit observation period
    • Perform Test Procedures and accepting / rejecting controls during Type 2 reporting period
    • Conduct interviews, walkthroughs and fieldwork and documentation of audit working papers
    • Final SOC 2 Type 2 Report Preparation and Remediation guidance
    • Audit and monitoring of AWS technical controls required to meet SOC 2 trust services criteria, such as AWS Security Hub, WAF, Secrets Manager, Inspector, GuardDuty, IAM Identity Center, Cloudrail and CloudWatch.
    • You can add HIPAA, CSA STAR, GDPR, CCPA, NIST, ISAE/SSAE 3000/3402 and other regulatory and compliance requirements to our SOC 2 testing for a more comprehensive proof of security and privacy for your enterprise clients.

    Prescient Security and Vanta are active participants in the AWS Global Security & Compliance Acceleration (GSCA) Program.

    Highlights

    • Kobalt.io provides a full stack of security experts with compliance knowledge to support your cybersecurity journey and business growth
    • Risk-based and flexible audit approach with Prescient Security
    • Vanta's trust management platform takes the manual work out of your security and compliance process and replaces it with continuous automation—whether you’re pursuing your first framework or managing a complex program.

    Pricing

    Custom pricing options

    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    For support, please reach out to awsmarketplace@vanta.com.