Page 153 - NovDefComp

P. 153

MASSACHUSETTS MUTUAL LIFE INSURANCE COMPANY
Defined Benefit and Defined Contribution

Recordkeeping Operations

Complementary Subservice
Subservice Related Control
Organization Services Provided Objective Organization Controls
(CSOCs)
Matrix Matrix Financial Control Objective 1 CO 1 and CO 2-Matrix
Solutions (Software-as- Application Change should have controls to
a-Service) used by ensure that
MassMutual DB Management application/software
Midmarket Corporate Control Objective 2 development and application/
clients for trust and software changes made to
investment services. System Software existing applications are
Software-as-a-Service Change Management documented, authorized,
is a subscription based Control Objective 3 tested and approved for
software distribution implementation.
model in which Matrix, a Physical Security and
multi-tenant application, Environmental Controls CO 3-Matrix should have
controls over physical
is developed, hosted Control Objective 4
and maintained centrally security and environmental
protection of computer
by Matrix and made Logical Access
available to MassMutual Control Objective 5 equipment and storage
media.
and other clients over
the Internet. Job Processing CO 4-Matrix should have
Control Objective 6 controls over provisioning,
termination, and
Data Transmissions recertification of user access.

CO 5-Matrix should have
controls over the scheduling
of production processing and
system backups, and the
identification and resolution
of deviations from the
schedule.
CO 6-Matrix should have
controls over the completion
and security of data
transmissions, and
identification and resolution
of failures.

MassMutual Defined Benefit and Defined Description of the System Provided by
Contribution Recordkeeping Operations System MassMutual
12

148 149 150 151 152 153 154 155 156 157 158