SOC2-Style Security Audit for Healthcare and Fintech Platforms
Challenge
Prepare comprehensive security audit submissions for two organisations simultaneously — a healthcare crowdfunding platform and a fintech group — covering SEC, AVA, and PRI controls with full AWS infrastructure evidence.
Approach
Systematic evidence gathering across all AWS accounts — IAM policies, CloudTrail logs, Config rules, MFA enforcement status, VPC configurations, and access matrices — compiled into structured audit packages per control family.
Implementation
Documented complete IAM access matrices for both organisations. Enforced MFA across all AWS accounts. Prepared control mappings to SOC2 trust criteria. Identified and remediated security gaps discovered during audit preparation — including overprivileged IAM roles and unencrypted S3 buckets.
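As an added example (not the project's own code), the kind of check that turns an IAM credential report into the "MFA enforcement status" evidence mentioned above: every console-capable principal without an MFA device becomes a finding, with the root account treated as critical. The report rows are constructed; the column layout follows the CSV that `aws iam get-credential-report` returns (base64-decoded from its Content field).

```python
import csv
import io
from dataclasses import dataclass, field

# Constructed sample in the column layout of an IAM credential report.
# Only the columns this check reads are shown; real reports carry more.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,2021-01-04T10:00:00+00:00,not_supported,2024-03-01T08:12:00+00:00,not_supported,not_supported,true,false,false
alice,arn:aws:iam::111122223333:user/alice,2022-05-10T09:30:00+00:00,true,2024-03-02T07:45:00+00:00,2024-01-15T09:00:00+00:00,N/A,true,true,false
bob,arn:aws:iam::111122223333:user/bob,2022-06-01T11:00:00+00:00,true,no_information,2022-06-01T11:00:00+00:00,N/A,false,false,false
ci-deployer,arn:aws:iam::111122223333:user/ci-deployer,2023-02-20T12:00:00+00:00,false,N/A,N/A,N/A,false,true,false
"""


@dataclass
class MfaEvidence:
    console_users: int = 0
    console_users_with_mfa: int = 0
    findings: list = field(default_factory=list)  # (severity, arn) pairs

    @property
    def compliant(self) -> bool:
        return not self.findings


def console_capable(row: dict) -> bool:
    # Root always has a console password; IAM users only when password_enabled
    # is "true". Access-key-only users (e.g. CI) are out of scope for this control.
    return row["user"] == "<root_account>" or row["password_enabled"] == "true"


def mfa_evidence(report_csv: str) -> MfaEvidence:
    """Summarise MFA enforcement for console-capable principals in a credential report."""
    ev = MfaEvidence()
    for row in csv.DictReader(io.StringIO(report_csv)):
        if not console_capable(row):
            continue
        ev.console_users += 1
        if row["mfa_active"] == "true":
            ev.console_users_with_mfa += 1
        else:
            severity = "critical" if row["user"] == "<root_account>" else "high"
            ev.findings.append((severity, row["arn"]))
    return ev


if __name__ == "__main__":
    ev = mfa_evidence(SAMPLE_REPORT)
    print(f"console principals: {ev.console_users}, with MFA: {ev.console_users_with_mfa}")
    for severity, arn in ev.findings:
        print(f"[{severity}] no MFA device: {arn}")
```

Run the same function against each account's report and attach the summary and the (ideally empty) findings list to the control's evidence package; a non-empty list is the remediation queue.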
Results
Both audit submissions completed and accepted. Security posture measurably improved. MFA enforced organisation-wide. Several critical findings remediated before external audit review.