SOC Guidelines & Checklist
SOC Guidelines
The News Corp Systems Security Management Policy (dated Sept. 1, 2017), the Dow Jones Third Party Security Policy (dated Sept. 1, 2017) and the Vendor Information Risk Management Program (together, the “Policy”) provide direction and establish requirements for implementing effective security practices when provisioning information systems.
These Guidelines provide guidance and details to implement and supplement the Policy at Dow Jones, to ensure that cybersecurity risk is managed during the implementation and administration of SaaS systems.
SOC 1 and SOC 2 reports shall be obtained and assessed as part of the procurement process for a new SaaS system.
Annual SOC reviews shall be conducted by the App Owner and reviewed by InfoSec, via the ProcessUnity application, for the Key SaaS applications listed in Table 1 below.
Table 1:

| Key SaaS Apps |
|---|
| DocuSign |
| DropBox |
| Google G-Suite |
| Google Vault |
| Okta |
| Slack |

SOC Review MVP Checklist
- Review the list of Priority SaaS Apps to ensure it is up to date and current.
- Initiate the SOC review via InfoSec’s ProcessUnity application.
- Review and store the latest SOC (1 and 2) reports from the vendor.
- Identify and report any potential issues to the App Owner.