SOC 2
This page provides an overview of the SOC 2 compliance policy and the current SOC 2 requirements & controls monitored in SECBERUS.
Overview
Developed by the American Institute of CPAs (AICPA), SOC 2 defines requirements for handling customer data relevant to security, availability, Processing Integrity, Confidentiality and Privacy. Official information regarding SOC 2 can be found here.
Supported SOC 2 Controls
| Requirement | Point of Focus | Description |
|---|---|---|
| C1.1 - POF | Protects Confidential Information from Destruction | Procedures are in place to protect confidential information from erasure or destruction during the specified retention period of the information. |
| CC6.1 - POF | Identifies and Authenticates Users | Persons, infrastructure and software are identified and authenticated prior to accessing information assets, whether locally or remotely. |
| Protects Encryption Keys | Processes are in place to protect encryption keys during generation, storage, use, and destruction. | |
| Manages Identification and Authentication | Identification and authentication requirements are established, documented, and managed for individuals and systems accessing entity information, infrastructure and software. | |
| CC6.2 - POF | Controls Access Credentials to Protected Assets | Information asset access credentials are created based on an authorization from the system's asset owner or authorized custodian. |
| CC6.6 - POF | Restricts Access | The types of activities that can occur through a communication channel (for example, FTP site, router port) are restricted. |
| CC6.7 | Restricts the transmission, movement, and removal of information | |
| CC6.7 - POF | Uses Encryption Technologies or Secure Communication Channels to Protect Data | Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. |
| CC7.2 - POF | Designs Detection Measures | Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. |
| Implements Filters to Analyze Anomalies | Management has implemented procedures to filter, summarize, and analyze anomalies to identify security events. | |
| CC8.1 - POF | Designs and Develops Changes | A process is in place to design and develop system changes. |
| P5.1 - POF | Authenticates Data Subjects’ Identity | The identity of data subjects who request access to their personal information is authenticated before they are given access to that information. |
If there is a specific requirement not included here that you would like to monitor, please email [email protected].
Updated 9 days ago