Cyber Security Project - Compliance achievement for ISO 27001 and SOC2 Type 1

Closed
KDIT Solutions Inc.
Calgary, Alberta, Canada
Pranjal Dutta
President
Project
Academic experience
200 hours per learner
Learner
Anywhere
Intermediate level

Project scope

Categories
Security (cybersecurity and IT security)
Skills
project documentation, compliance training, microsoft azure, cyber security, internal auditing, ip addressing, test automation, enterprise application software, project initiation documentation, bitbucket
Details

About us and our technology:

We are a technology startup that runs an Enterprise Software Quality platform in the cloud. Enterprise clients use this platform to conduct both manual and automated testing. While currently hosted on AWS, we are in the process of transitioning our solution to the Azure cloud.


Our solution is built with ReactJS on the frontend and Java on the backend, with all AWS servers located in the United States. Our development team operates remotely, using Windows VMs in the Azure cloud to develop the solution and commit code to Bitbucket. To enforce access control, all permissions are tied to the IP addresses of these VMs, and developers are not permitted to code on their local machines. We prioritize security and access control over issuing physical machines or laptops to our employees.


In our commitment to maintaining the highest standards of compliance and security, we are actively working towards fulfilling the ISO 27001 checklist and SOC2 reporting requirements. We are seeking dedicated candidates to collaborate with an external vendor in developing and implementing these compliances and checkpoints. Before initiating external independent audits, our students will undertake thorough security assessments, including Vulnerability Assessment and Penetration Testing (VAPT), and internally report their findings.

These student resources will be integrally involved in establishing and adhering to the checklists for these critical certifications, receiving guidance not only from our experienced internal team but also from the external vendor. Their role is crucial in ensuring our technology not only meets but exceeds the stringent standards of our industry.


Deliverables

Assist in Project Initiation:

  • Research Assistance: Interns can help gather detailed information about ISO 27001 and SOC2 Type 1 standards.
  • Documentation: Assist in creating initial project documentation and schedules.

Support in Understanding Requirements:

  • Comparative Analysis: Help compare the organization's current practices with the compliance requirements.
  • Checklist Creation: Assist in creating checklists based on compliance requirements for easier tracking.

Involvement in Risk Assessment:

  • Asset Inventory: Assist in creating and maintaining an inventory of information assets.
  • Preliminary Risk Assessment: Help with the initial stages of risk assessment under supervision.

Help in Designing Controls:

  • Policy Drafting Support: Help draft basic policy documents and procedures under guidance.
  • Control Mapping: Assist in mapping out how each selected control will be implemented.

Implementation Support:

  • Test Implementations: Participate in testing the implementation of controls in a controlled environment.
  • Training Support: Help organize and prepare materials for compliance training sessions.

Assist with Review and Testing:

  • Internal Audit Support: Assist with organizing and conducting the internal audit under supervision.
  • Documentation Review: Help review policies and procedures to ensure they are comprehensive and understandable.

Pre-Assessment Activities:

  • Mock Audits: Participate in mock audits to understand how formal audits are conducted.
  • Remediation Tasks: Assist in simple remediation tasks identified during pre-assessments.

Support during Certification Audit:

  • Observation: Shadow professionals during the certification audit to learn about the process.
  • Meeting Preparation: Help prepare materials and documentation for audit meetings.

Post-Certification Activities:

  • Audit Finding Summaries: Assist in creating summaries of audit findings for internal review.
  • Follow-up Task Support: Help with follow-up tasks assigned post-certification under supervision.

Documentation and Reporting:

  • Document Management: Help maintain and organize documentation related to the compliance process.
  • Reporting Assistance: Assist in preparing regular status reports on compliance efforts.


Mentorship

We will collaborate fully with the students on this important project. The students will also work with an external cyber security firm in implementing the compliance checklists and controls. Again, this is a strategic project for us to achieve ISO 27001 and SOC2 Type 1 certifications.

Supported causes
Decent work and economic growth

About the company

Company
Calgary, Alberta, Canada
2 - 10 employees
IT & computing, Technology

KDIT Solutions has built a unified, cloud-based Quality platform to meet the business process integrity, compliance and training needs of enterprises. The platform is integrated and provides a diverse range of functionalities, including business process workflow testing and documentation, no-code workflow automation, load testing for performance benchmarking, and the ability to generate training materials from the same testing scripts to help end-users adopt new technologies.