Developed by the American Institute of CPAs (AICPA), SOC 2 defines requirements for handling customer data across the five trust services categories: security, availability, processing integrity, confidentiality, and privacy. Official information regarding SOC 2 can be found here.
| Criterion | Point of Focus | Description |
|---|---|---|
| C1.1 - POF | Protects Confidential Information from Destruction | Procedures are in place to protect confidential information from erasure or destruction during the specified retention period of the information. |
| CC6.1 - POF | Identifies and Authenticates Users | Persons, infrastructure and software are identified and authenticated prior to accessing information assets, whether locally or remotely. |
| CC6.1 - POF | Protects Encryption Keys | Processes are in place to protect encryption keys during generation, storage, use, and destruction. |
| CC6.1 - POF | Manages Identification and Authentication | Identification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure and software. |
| CC6.2 - POF | Controls Access Credentials to Protected Assets | Information asset access credentials are created based on an authorization from the system's asset owner or authorized custodian. |
| CC6.6 - POF | Restricts the Transmission, Movement, and Removal of Information | The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted. |
| CC6.7 - POF | Uses Encryption Technologies or Secure Communication Channels to Protect Data | Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. |
| CC7.2 - POF | Designs Detection Measures | Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. |
| CC7.2 - POF | Implements Filters to Analyze Anomalies | Management has implemented procedures to filter, summarize, and analyze anomalies to identify security events. |
| CC8.1 - POF | Designs and Develops Changes | A process is in place to design and develop system changes. |
| P5.1 - POF | Authenticates Data Subjects' Identity | The identity of data subjects who request access to their personal information is authenticated before they are given access to that information. |
If there is a specific requirement not included here that you would like to monitor, please email [email protected].