SOC Maturity level

Have you identified the SOC customers?

NO

YES

ON-GOING

YES but not fully

Do you have a training program in place?

NO

YES - for all roles in the SOC

YES - for TIER1

Do you have a formally described shift turnover procedure?

NO

YES - partly

YES - fully implemented

Do you perform regular teambuilding exercises?

YES - every month

NO

YES - every year

Have you identified the main business drivers?

PARTIAL

YES

FULL

NO

Do you use documented workflows?

NO

YES

Is there a SOC management process in place?

YES - fully implemented

NO

YES - but not fully

Does the SOC have a formal charter document in place?

NO

NOT Fully

YES

On-Going

Do you have a satisfactory physical SOC location?

YES

YES- but is very small

NO

Do you formally differentiate roles within the SOC?

NO

YES

Do you use external employees /contractors in your SOC?

External employees

Internal full time employees

Contractors

Do you measure employee satisfaction for improving the SOC?

NO

Working on at

YES

Is there a reserved budget for education and training?

NO

YES

Do you have service level agreements with these customers?

YES

NO

On-Going

YES but not published yet

Do you have a career progression process in place?

NO

YES

Do you have regular workshops for knowledge development?

NO

YES - once in a year

YES - 3 times in a year

Is the SOC charter document approved by the business / CISO?

YES

On-Going

Other

NO

Which of the following roles are present in your SOC?

Penetration Tester

SOC Manager

Security Engineer

Threat Analyst

Incident Handler

Team Leader

Security Architect

Security Analyst

Security Specialist

Incident Manager

Is skill assessment regularly updated with new skills?

YES

NO

Which assessment?

Is there a governance process in place?

NO

YES

YES-Fully implemented

Yes - not implemented yet

SOC Maturity level

By NessPRO

Cyber solutions