Page 152 - NovDefComp
P. 152
MASSACHUSETTS MUTUAL LIFE INSURANCE COMPANY
Defined Benefit and Defined Contribution
Recordkeeping Operations
Complementary Subservice Organization Controls (CSOCs)
MassMutual’s systems and the controls over DB and DC Recordkeeping Operations system processing
were designed with the assumption that certain control objectives can be achieved only if the CSOCs are
implemented by the subservice organizations. The description includes only the controls and related control
objectives of MassMutual and excludes the control objectives and related controls of the subservice
organizations. The application of such CSOCs by subservice organizations support the achievement of
control objectives identified in this report. The subservice organization control considerations presented
below should not be regarded as a comprehensive list of all of the controls that should be employed by the
subservice organizations.
Complementary Subservice
Subservice Related Control
Organization Services Provided Objective Organization Controls
(CSOCs)
DST TRAC (Software-as-a- Control Objective 1 CO 1 and CO 2-DST should
Service) DC have controls to ensure that
Recordkeeping Application Change application/software
Management
system used by development and application/
MassMutual DC Control Objective 2 software changes made to
Midmarket Corporate existing applications are
clients. Software-as-a- System Software documented, authorized,
Change Management
Service is a subscription tested and approved for
based software Control Objective 3 implementation.
distribution model in
which TRAC, a multi- Physical Security and CO 3-DST should have
tenant application, is Environmental Controls controls over physical
security and environmental
developed, hosted and Control Objective 4 protection of computer
maintained centrally by
DST and made Logical Access equipment and storage
media.
available to MassMutual Control Objective 5
and other clients over CO 4-DST should have
the Internet. Job Processing controls over provisioning,
Automated Work Control Objective 6 termination, and
recertification of TRAC and
Distribution (AWD) Data Transmissions
system used by AWD user access.
MassMutual automates CO 5-DST should have
the handling and controls over the scheduling
distribution of hardcopy of production processing and
client and participant system backups, and the
documents. AWD is identification and resolution
hosted and maintained of deviations from the
centrally by DST and schedule.
made available to
MassMutual. DST’s CO 6-DST should have
services are limited to controls over the completion
System Software and security of data
Change Management, transmissions, and
Physical Security and identification and resolution
Environmental Controls. of failures.
MassMutual Defined Benefit and Defined Description of the System Provided by
Contribution Recordkeeping Operations System MassMutual
11
