Coral assists Subex achieve SOC 2 Type 2

Subex is a telecommunications solutions provider, delivering software platforms and analytics solutions to telecom operators worldwide.

Coral eSecure partnered with Subex to support the successful achievement of SOC 2 Type 2 attestation, using a structured, risk-based approach aligned with Subex’s business model and operational environment.

SOC 2 Type 2 Implementation Approach

The SOC 2 Type 2 attestation journey involved guiding Subex through the following key activities (not exhaustive):

• Understanding Subex’s business operations, technology landscape, and SOC 2 context

• Establishing business and control objectives aligned with SOC 2 requirements

• Determining applicable Trust Services Criteria

• Conducting a detailed gap analysis against relevant SOC 2 Points of Focus

• Performing a three-phase risk assessment to identify and prioritize risks

• Providing ongoing risk remediation and advisory support

• Developing and formalizing policies and procedures across multiple domains, including:

  • Product development and production operations

  • IT operations and infrastructure

  • Cybersecurity and incident response

  • Business continuity and disaster recovery

  • Human resources

  • Physical security

  • Supplier and third-party management

• Supporting control testing over a 3–6 month observation period

• Delivering SOC 2 awareness and role-based training to employees in scope

• Conducting internal audits to assess control design and operating effectiveness

Outcomes and Benefits

With Coral eSecure’s support, Subex established a robust governance and control framework that enabled effective tracking, monitoring, and management of risks across the organization.

The engagement concluded with an unqualified SOC 2 Type 2 report issued by the independent CPA, demonstrating the effectiveness of the implemented controls and the successful collaboration between Subex and Coral eSecure.