
abbt9 (abbt9) asked a question.
Hello,
My name is Eric Douglin. I'm the Third-Party Assurance Analyst at Direct Line Group, working in the Information Security Team, looking at the cyber security posture of our third-party suppliers.
OKTA have filled the criteria for us to perform an initial security risk assessment, prior to completing any potential on-site, in-depth assurance and reporting activity. This is to ensure we only engage with suppliers which may expose DLG to potential information security risks or issues.
In order to initiate the initial risk assessment we would need a copy of your latest SOC2 report to review and assess any potential risk OKTA may pose to the DLG.
The review of the OKTA SOC2 report is an initial internal risk assessment that is designed to give an indication of the supplier's information security maturity; it will not produce any remedial actions for the supplier or risks to be captured internally.
I would be grateful if you could provide us with a copy of the SOC 2 or direct me to the appropriate team or individual who could do so.
Thank you
Best Regards
Eric Douglin
eric.douglin@directlinegroup.co.uk

You can find all of the required documents here:
https://support.okta.com/help/s/securitydocs?language=en_US