Full Version: Which extension should be done to the business domain?
The SOC-CMM survey has indicated that some users are looking for additions to the SOC-CMM business domain. Which additions should be considered?
Probably 2.2.9 - Human Resource
Remarks - Disciplinary review of web access habits or other employee system reviews that are legally allowed, such as in the case of harassment
Agreed! Web access habits could be a compliance issue as well, so I suppose the compliance department is also a potential customer. That's probably true for all departments concerned with policy violations.

I hadn't considered harassment yet, but of course if it contains a digital component, forensic analysis or monitoring could be called upon. I'll add this to the next release of the SOC-CMM.
Compliance, Data Privacy and Data Ownership are areas that impact a SOC team operationally as part of the incident response process. Cohesion and effective involvement of Data Protection officers/function in the SOC process is important. Please see if you can cover this as an area of extension of the Business Domain.