This page provides an overview of the SOC 2 compliance policy and the current SOC 2 requirements & controls monitored in SECBERUS.


Developed by the American Institute of CPAs (AICPA), SOC 2 defines requirements for handling customer data relevant to security, availability, Processing Integrity, Confidentiality and Privacy. Official information regarding SOC 2 can be found here.

Supported SOC 2 Controls

RequirementPoint of FocusDescription
C1.1 - POFProtects Confidential Information from DestructionProcedures are in place to protect confidential information from erasure or destruction during the specified retention period of the information.
CC6.1 - POFIdentifies and Authenticates UsersPersons, infrastructure and software are identified and authenticated prior to accessing information assets, whether locally or remotely.
Protects Encryption KeysProcesses are in place to protect encryption keys during generation, storage, use, and destruction.
Manages Identification and AuthenticationIdentification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure and software.
CC6.2 - POFControls Access Credentials to Protected AssetsInformation asset access credentials are created based on an authorization from the system's asset owner or authorized custodian.
CC6.6 - POFRestricts AccessThe types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted.
CC6.7Restricts the transmission, movement, and removal of information
CC6.7 - POFUses Encryption Technologies or Secure Communication Channels to Protect DataEncryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points.
CC7.2 - POFDesigns Detection MeasuresDetection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software.
Implements Filters to Analyze AnomaliesManagement has implemented procedures to filter, summarize, and analyze anomalies to identify security events.
CC8.1 - POFDesigns and Develops ChangesA process is in place to design and develop system changes.
P5.1 - POFAuthenticates Data Subjects’ IdentityThe identity of data subjects who request access to their personal information is authenticated before they are given access to that information.


If there is a specific requirement not included here that you would like to monitor, please email [email protected].