SOC-CMM forum
SOC Certification Body

SOC Certification Body - darren.bnm - 05-16-2019

Hi Rob, 
Do you know of any SOC Certification Body?
For example, Head of Cybersecurity wants to prove that its SOC is an advanced SOC with all the top-notch technologies, processes, and people.
Is there any well-known third party that can certify this?

Thanks!
Best regards,
Darren


RE: SOC Certification Body - robvanos - 05-22-2019

Hi Darren,

I'm not aware of any such certification. There are consulting companies that have proprietary maturity models that they use for assessment. This sort of maturity assessment could be used as 'proof' of an advanced SOC. Of course, the SOC-CMM could be used for the same purpose. Objectivity can be introduced by having the assessment conducted by a third party. In the Netherlands, there is already a company doing SOC-CMM assessments. There may be others that I am not aware of. The advantage of using the 'open' SOC-CMM for assessments is that you can avoid 'vendor lock-in' due to proprietary confidential models.

Regards,
Rob.


RE: SOC Certification Body - ViliusBenetis - 06-08-2019

(05-16-2019, 06:43 AM)darren.bnm Wrote: Hi Rob, 
Do you know of any SOC Certification Body?
For example, Head of Cybersecurity wants to prove that its SOC is an advanced SOC with all the top-notch technologies, processes, and people.
Is there any well-known third party that can certify this?

Thanks!
Best regards,
Darren

Dear Darren,

Our team is running SOC-CMM assessments and issues confirmation of the assessed level via a paper (certificate) signed by us. We do so for different projects around the world, both for new ones where we build out CSIRT/SOCs and for established SOCs. Usually our work serves a slightly different purpose than the one you have mentioned: I would say, to validate the effectiveness of resources spent, or to plan/justify future balanced developments.

Please contact me (vb_AT_nrd.no), if you want to hear more on how we approach such audits and confirmations.

Vilius Benetis
NRD Cyber Security