What is SOC 2 Availability Criteria? The Availability Criteria is one of the five Trust Services Criteria defined by the AICPA. It is an incremental criteria to the Common Criteria (also known as the Security Criteria), so you can’t do this one on its own – it’s one for extra credit. The availability criteria focuses […]
SOC 2 Availability Criteria Read More »
What is SOC 2 Risk Mitigation (CC9)? Risk mitigation is an incredibly important aspect of managing your organization’s security. While being able to respond to security incidents is essential, the best way to safeguard your organization is to reduce the likelihood of problems occurring in the first place. Your risk mitigation plan needs to be
SOC 2 CC9: Common Criteria related to Risk Mitigation Read More »
What is SOC 2 Change Management (CC8)? Organizations are responsible for making necessary changes to protect, enforce, and improve its systems. Although being able to make changes and adapt to new situations is essential, it is important to have a plan in place for how to best go about implementing these critical actions. Managing changes
SOC 2 CC8: Common Criteria related to Change Management Read More »
What is SOC 2 System Operations (CC7)? Organizations are responsible for managing the operation of their systems, which means they need to continuously work to detect, prevent, and address any security issues that may impact their business. Staying on top of monitoring security protocols, preventing and responding to security incidents, and having a plan of
SOC 2 CC7: Common Criteria related to System Operations Read More »
What is SOC 2 Logical and Physical Access (CC6)? Organizations are responsible for controlling logical and physical access to their protected information by using appropriate security software,infrastructure, and architectures. Implementing and maintaining these necessary controls will protect your company’s valuable data and prevent unwanted security events. It will also help you meet the requirements outlined
SOC 2 CC6: Common Criteria related to Logical and Physical Access Read More »
What are SOC 2 Control Activities (CC5)? As the leader of an organization, the success of your business can depend on the structure of your controls and related activities. You might have a tremendous product or service to offer, but if you fail to identify risks and mitigate them with controls, your business may struggle
SOC 2 CC5: Common Criteria related to Control Activities Read More »
What are SOC 2 Monitoring Activities (CC4)? Common Criteria (CC) 4 of the SOC 2 Common Criteria covers control monitoring activities recommended to be implemented. Do you have controls in place to perform proactive and reactive monitoring of your systems and controls? Are these proactive evaluations done in all your environments? These are questions you
SOC 2 CC4: Common Criteria related to Monitoring Activities Read More »
What is SOC 2 Risk Assessment (CC3)? Organizations need a firm understanding of enterprise risk assessments to not only properly handle risks within their organization, but to also obtain a clean SOC report thanks to the Common Criteria related to Risk Assessment (pgs. 20-25). When looking at this area, your Company needs to think carefully think
SOC 2 CC3: Common Criteria related to Risk Assessment Read More »
What is SOC 2 Communication and Information (CC2)? CC2 of the SOC 2 Common Criteria covers communication and information controls recommended to be implemented. Communication and Information, as with the other Common Criteria, incorporates COSO requirements. Developed by the Committee of Sponsoring Organization of the Treadway Commission (COSO), these requirements are used to continuously update
SOC 2 CC2: Common Criteria related to Communication and Information Read More »
What Is the SOC 2 Control Environment (CC1)? Out of the Common Criteria, the Control Environment (also known as CC1), addresses several entity level controls that are expected to be in place across the Company. Much like the Common Criteria 2 through 5, CC1 is based upon COSO and borrows from its requirements to use
SOC 2 CC1: Common Criteria related to the Control Environment Read More »
