FAQ - Using SOAPSonar for SAS 70 Compliance Testing


SOAPSonar provides the features needed to test the requirements set forth in SAS 70 (Statement on Auditing Standards (SAS) No. 70) per Service Organization Controls (SOC) level reporting.

Specifically, the following information can be obtained and validated:


SOC 2 Report: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
SOC 3 Report: Trust Services Report for Service Organizations


Trust Services Principles

-- SOAPSonar provides an integrated WSDL scoring engine that performs detailed analysis of WSDL and schema to assess compliance with regard to message patterns and potential exposure to processing integrity risks.

Security


-- SOAPSonar provides security testing across the following types of security validation: Threat Vector Vulnerability Assessment, Identity and Access Control testing, and Security Standards such as WS-Security Encryption, Decryption, Signatures, and Signature Verification.

Availability

-- SOAPSonar provides performance testing assessment with latency and throughput analysis, with profile management for concurrent users.

Processing Integrity

-- SOAPSonar provides several testing features to validate the enforcement (or lack thereof) of document integrity with regard to RFC protocol compliance, well-formed XML, and valid schema data types and structure.
 

Confidentiality and Privacy


-- SOAPSonar provides one-way and two-way SSL/TLS validation, WS-Encryption, WS-Decryption, WS-Signatures, and WS-Signatures Validation to validate privacy and confidentiality enforcement of service transactions.
