Nest Wealth

Supporting the company from July 2020 to December 2024, Anthony helped initiate Nest Wealth's SOC2 project for the company's Nest Wealth Plus digital wealth solution and continued to play an active role in coordination, updates and self-assessment after the first-year audit. In addition, Anthony has supported the company's transition to Quebec's Law 25 Privacy regulations through project impact assessments (PIA) and the update and creation of related policies and procedures.

At the outset, Anthony developed the SOC2 controls framework based on the in-scope criteria and the system technologies and processes in place, using a customized model framework based on best practices and AICPA guidance. The framework and the associated details assembled for the final audit report were obtained from a study of the actual practices, either through available documentation or targeted interviews with company personnel.

The controls framework and supporting guidance were implemented in the company's Confluence implementation, including numerous summary macros and queries to help monitor progress and summarize the results of testing and any outstanding areas for attention. The framework within Confluence provides opportunities to link directly to source policies, procedures and supporting evidence.

As part of the process, Anthony assisted the company with the development of numerous policies and procedures to support the SOC2 controls, including a code of conduct, HR-related policies and procedures, risk assessment policies and procedures, security policies and procedures, system architectural descriptions and diagrams, incident management procedures, and change and software development procedures.

Guidance was provided on improvements in practices to achieve adherence to the control framework. As part of his ongoing role, evaluation and any relevant recommendations are provided to enhance processes based on changes in the business or technologies.

Anthony helped coordinate the audit engagement by providing a bridge from the external auditor to the company's internal resources to help field queries and support audit requests, reducing the workload on the company's personnel and, overall, making the audit efficient, with minimal headaches and stress for the team.

As part of the company's journey toward SOC2 compliance and other compliance objectives, Anthony assisted the company with the evaluation of SaaS-based compliance management tools including OneTrust Certification Automation (formerly Tugboat Logic), Drata and Vanta.