03. Welcome E-mail

Congratulations!

You have recently been hired by SwiftTech as a Cybersecurity GRC analyst! It’s a great opportunity for you and the timing couldn’t be better for SwiftTech. SwiftTech prides itself on being first-to-market with innovative technology solutions that improve work efficiency for companies around the globe. Part of SwiftTech’s success hinges on their ability to overcome obstacles and do everything in their power to develop new ideas as quickly as possible. Their latest product is a Software-as-a-Service (SaaS) solution that makes Project Tracking a breeze. The beta launch has already gotten amazing reviews and some analysts are saying that SwiftTech’s ProTrackPlus is a real contender to displace big-name legacy Project Tracking software. In fact, SwiftTech has already lined up some potential large customers. A large healthcare system in the state of Minnesota has asked SwiftTech to participate in a Request for Proposal (RFP) process for new project management software. The government of the United Kingdom has also contacted SwiftTech about its software to replace project management software already being used by a number of government agencies.

SwiftTech does have a number of hurdles ahead. SwiftTech started off as a relatively small company. Their flagship product, GreenGrass, a contact management system, was designed and built to be installed on customer-owned hardware in a physical location. ProTrackPlus is SwiftTech’s first foray into SaaS. SwiftTech wants to follow best practices as they relate to SaaS, but they don’t want to sacrifice their commitment to agile software development and failing fast. SwiftTech’s motto is: Speed, Flexibility, Success!

The major challenge for SwiftTech, however, is that they face a rapidly changing customer landscape that demands a higher level of vendor scrutiny. Prospective customers now expect new vendors to sign complex Master Service Agreements that dictate specific requirements for cybersecurity and governance, risk, and compliance programs. Many of the requirements are rooted in regulatory compliance or a potential customer’s appetite for risk. They also, at a minimum, expect SaaS vendors to provide a SOC 2 report, which helps establish a baseline for cybersecurity controls and validates their effectiveness.

SwiftTech does not currently have a SOC 2 report, but they recently hired an outside firm, Firehawk Security, to perform a readiness assessment in preparation for pursuing a SOC 2 attestation report. SwiftTech’s Chief Information Security Officer (CISO) has asked that you review Firehawk Security’s recommendations and follow through on several action items.