SOC-CMM forum

Full Version: SOC Certification Body
Hi Rob, 
Do you know of any SOC Certification Body?
For example, Head of Cybersecurity wants to prove that its SOC is an advanced SOC with all the top-notch technologies, processes, and people.
Is there any well-known third party that can certify this?

Thanks!
Best regards,
Darren
Hi Darren,

I'm not aware of any such certification. There are consulting companies that have proprietary maturity models that they use for assessment. This sort of maturity assessment could be used as 'proof' of an advanced SOC. Of course, the SOC-CMM could be used for the same purpose. Objectivity can be introduced by having the assessment conducted by a third party. In the Netherlands, there is already a company doing SOC-CMM assessments. There may be others that I am not aware of. The advantage of using the 'open' SOC-CMM for assessments is that you can avoid 'vendor lock-in' due to proprietary confidential models.

Regards,
Rob.
(05-16-2019, 06:43 AM) darren.bnm Wrote: Hi Rob,
Do you know of any SOC Certification Body?
For example, Head of Cybersecurity wants to prove that its SOC is an advanced SOC with all the top-notch technologies, processes, and people.
Is there any well-known third party that can certify this?

Thanks!
Best regards,
Darren

Dear Darren,

Our team runs SOC-CMM assessments and issues confirmation of the assessed level via a paper signed by us (certificate). We do so for different projects around the world - both for new ones where we build out CSIRT/SOCs and for established SOCs. Usually our work serves a slightly different purpose than the one you mentioned - I would say, to validate the effectiveness of resources spent, or to plan/justify future balanced developments.

Please contact me (vb_AT_nrd.no), if you want to hear more on how we approach such audits and confirmations.

Vilius Benetis
NRD Cyber Security