SOC2 Controls Notes in SG - NETSEC

Thursday, August 1, 2024







SOC2 Security

 

Security (SOC2:2017.CC): 71
[error] Control Environment (SOC2:2017.CC.1): 12
[error] Integrity and Ethics (SOC2:2017.CC.1.1): 4
[check_circle] Sets the Tone at the Top (SOC2:2017.CC.1.1.1): 2
[check_circle] Establishes Standards of Conduct (SOC2:2017.CC.1.1.2): 1
[error] Evaluates Adherence to Standards of Conduct (SOC2:2017.CC.1.1.3): 2
[error] Addresses Deviations in a Timely Manner (SOC2:2017.CC.1.1.4): 1
[check_circle] Considers Contractors and Vendor Employees in Demonstrating Its Commitment (SOC2:2017.CC.1.1.5): 1
[error] Board Independence (SOC2:2017.CC.1.2): 1
[check_circle] Establishes Oversight Responsibilities (SOC2:2017.CC.1.2.1): 1
[check_circle] Applies Relevant Expertise (SOC2:2017.CC.1.2.2): 1
[check_circle] Operates Independently (SOC2:2017.CC.1.2.3): 1
[error] Supplements Board Expertise (SOC2:2017.CC.1.2.4): 0
[error] Organizational Structure (SOC2:2017.CC.1.3): 3
[check_circle] Considers All Structures of the Entity (SOC2:2017.CC.1.3.1): 1
[check_circle] Establishes Reporting Lines (SOC2:2017.CC.1.3.2): 1
[check_circle] Defines, Assigns, and Limits Authorities and Responsibilities (SOC2:2017.CC.1.3.3): 2
[error] Addresses Specific Requirements When Defining Authorities and Responsibilities (SOC2:2017.CC.1.3.4): 0
[check_circle] Considers Interactions With External Parties When Establishing Structures, Reporting Lines, Authorities, and Responsibilities (SOC2:2017.CC.1.3.5): 1
[error] Hiring, Training and Retention (SOC2:2017.CC.1.4): 4
[error] Establishes Policies and Practices (SOC2:2017.CC.1.4.1): 2
[error] Evaluates Competence and Addresses Shortcomings (SOC2:2017.CC.1.4.2): 1
[check_circle] Attracts, Develops, and Retains Individuals (SOC2:2017.CC.1.4.3): 1
[error] Plans and Prepares for Succession (SOC2:2017.CC.1.4.4): 0
[check_circle] Considers the Background of Individuals (SOC2:2017.CC.1.4.5): 1
[check_circle] Considers the Technical Competency of Individuals (SOC2:2017.CC.1.4.6): 1
[error] Provides Training to Maintain Technical Competencies (SOC2:2017.CC.1.4.7): 0
[error] Individual Accountability (SOC2:2017.CC.1.5): 4
[error] Enforces Accountability Through Structures, Authorities, and Responsibilities (SOC2:2017.CC.1.5.1): 4
[error] Establishes Performance Measures, Incentives, and Rewards (SOC2:2017.CC.1.5.2): 1
[error] Evaluates Performance Measures, Incentives, and Rewards for Ongoing Relevance (SOC2:2017.CC.1.5.3): 1
[error] Considers Excessive Pressures (SOC2:2017.CC.1.5.4): 1
[error] Evaluates Performance and Rewards or Disciplines Individuals (SOC2:2017.CC.1.5.5): 1

[error] Communication & Information (SOC2:2017.CC.2): 15
[error] Use of Information Systems (SOC2:2017.CC.2.1): 2
[error] Identifies Information Requirements (SOC2:2017.CC.2.1.1): 1
[error] Captures Internal and External Sources of Data (SOC2:2017.CC.2.1.2): 0
[error] Processes Relevant Data Into Information (SOC2:2017.CC.2.1.3): 0
[check_circle] Maintains Quality Throughout Processing (SOC2:2017.CC.2.1.4): 1
[error] Use of Communication Systems, Internal (SOC2:2017.CC.2.2): 11
[check_circle] Communicates Internal Control Information (SOC2:2017.CC.2.2.1): 4
[error] Communicates With the Board of Directors (SOC2:2017.CC.2.2.2): 0
[check_circle] Provides Separate Communication Lines (SOC2:2017.CC.2.2.3): 2
[check_circle] Selects Relevant Method of Communication (SOC2:2017.CC.2.2.4): 1
[check_circle] Communicates Responsibilities (SOC2:2017.CC.2.2.5): 2
[check_circle] Communicates Information on Reporting Failures, Incidents, Concerns, and Other Matters (SOC2:2017.CC.2.2.6): 2
[error] Communicates Objectives and Changes to Objectives (SOC2:2017.CC.2.2.7): 0
[check_circle] Communicates Information to Improve Security Knowledge and Awareness (SOC2:2017.CC.2.2.8): 1
[check_circle] Communicates Information About System Operation and Boundaries (SOC2:2017.CC.2.2.9): 4
[error] Communicates System Objectives (SOC2:2017.CC.2.2.10): 2
[error] Communicates System Changes (SOC2:2017.CC.2.2.11): 0
[error] Use of Communication Systems, External (SOC2:2017.CC.2.3): 6
[check_circle] Communicates to External Parties (SOC2:2017.CC.2.3.1): 1
[check_circle] Enables Inbound Communications (SOC2:2017.CC.2.3.2): 1
[check_circle] Communicates With the Board of Directors (SOC2:2017.CC.2.3.3): 2
[check_circle] Provides Separate Communication Lines (SOC2:2017.CC.2.3.4): 1
[check_circle] Selects Relevant Method of Communication (SOC2:2017.CC.2.3.5): 1
[check_circle] Communicates Objectives Related to Confidentiality and Changes to Objectives (SOC2:2017.CC.2.3.6): 1
[error] Communicates Objectives Related to Privacy and Changes to Objectives (SOC2:2017.CC.2.3.7): 0
[check_circle] Communicates Information About System Operation and Boundaries (SOC2:2017.CC.2.3.8): 1
[check_circle] Communicates System Objectives (SOC2:2017.CC.2.3.9): 1
[check_circle] Communicates System Responsibilities (SOC2:2017.CC.2.3.10): 2
[check_circle] Communicates Information on Reporting System Failures, Incidents, Concerns, and Other Matters (SOC2:2017.CC.2.3.11): 1



Risk Assessment (SOC2:2017.CC.3): 7
[error] Objectives (SOC2:2017.CC.3.1): 2
[error] Reflects Management's Choices (SOC2:2017.CC.3.1.1): 0
[error] Considers Tolerances for Risk (SOC2:2017.CC.3.1.2): 1
[error] Includes Operations and Financial Performance Goals (SOC2:2017.CC.3.1.3): 0
[error] Forms a Basis for Committing of Resources (SOC2:2017.CC.3.1.4): 0
[error] Complies With Applicable Accounting Standards (SOC2:2017.CC.3.1.5): 0
[error] Considers Materiality (SOC2:2017.CC.3.1.6): 0
[error] Reflects Entity Activities (SOC2:2017.CC.3.1.7): 0
[error] Complies With Externally Established Frameworks (SOC2:2017.CC.3.1.8): 0
[error] Considers the Required Level of Precision (SOC2:2017.CC.3.1.9): 1
[error] Reflects Entity Activities (SOC2:2017.CC.3.1.10): 0
[error] Reflects Management's Choices (SOC2:2017.CC.3.1.11): 1
[error] Considers the Required Level of Precision (SOC2:2017.CC.3.1.12): 0
[error] Reflects Entity Activities (SOC2:2017.CC.3.1.13): 0
[error] Reflects External Laws and Regulations (SOC2:2017.CC.3.1.14): 0
[error] Considers Tolerances for Risk (SOC2:2017.CC.3.1.15): 1
[error] Establishes Sub-objectives to Support Objectives (SOC2:2017.CC.3.1.16): 0
[error] Risk to Objectives (SOC2:2017.CC.3.2): 7
[error] Includes Entity, Subsidiary, Division, Operating Unit, and Functional Levels (SOC2:2017.CC.3.2.1): 3
[error] Analyzes Internal and External Factors (SOC2:2017.CC.3.2.2): 1
[error] Involves Appropriate Levels of Management (SOC2:2017.CC.3.2.3): 2
[error] Estimates Significance of Risks Identified (SOC2:2017.CC.3.2.4): 1
[error] Determines How to Respond to Risks (SOC2:2017.CC.3.2.5): 0
[check_circle] Identifies and Assesses Criticality of Information Assets and Identifies Threats and Vulnerabilities (SOC2:2017.CC.3.2.6): 5
[error] Analyzes Threats and Vulnerabilities From Vendors, Business Partners, and Other Parties (SOC2:2017.CC.3.2.7): 1
[error] Considers the Significance of the Risk (SOC2:2017.CC.3.2.8): 1
[error] Fraud Risk to Objectives (SOC2:2017.CC.3.3): 1
[error] Considers Various Types of Fraud (SOC2:2017.CC.3.3.1): 1
[error] Assesses Incentives and Pressures (SOC2:2017.CC.3.3.2): 1
[error] Assesses Opportunities (SOC2:2017.CC.3.3.3): 1
[error] Assesses Attitudes and Rationalizations (SOC2:2017.CC.3.3.4): 1
[error] Considers the Risks Related to the Use of IT and Access to Information (SOC2:2017.CC.3.3.5): 1
[error] Impact of Changes (SOC2:2017.CC.3.4): 2
[error] Assesses Changes in the External Environment (SOC2:2017.CC.3.4.1): 1
[error] Assesses Changes in the Business Model (SOC2:2017.CC.3.4.2): 1
[error] Assesses Changes in Leadership (SOC2:2017.CC.3.4.3): 0
[error] Assess Changes in Systems and Technology (SOC2:2017.CC.3.4.4): 1
[error] Assess Changes in Vendor and Business Partner Relationships (SOC2:2017.CC.3.4.5): 2

[error] Monitoring Activities (SOC2:2017.CC.4): 7
[error] Monitoring (SOC2:2017.CC.4.1): 5
[check_circle] Considers a Mix of Ongoing and Separate Evaluations (SOC2:2017.CC.4.1.1): 3
[check_circle] Considers Rate of Change (SOC2:2017.CC.4.1.2): 1
[check_circle] Establishes Baseline Understanding (SOC2:2017.CC.4.1.3): 4
[error] Uses Knowledgeable Personnel (SOC2:2017.CC.4.1.4): 0
[check_circle] Integrates With Business Processes (SOC2:2017.CC.4.1.5): 1
[check_circle] Adjusts Scope and Frequency (SOC2:2017.CC.4.1.6): 1
[check_circle] Objectively Evaluates (SOC2:2017.CC.4.1.7): 1
[check_circle] Considers Different Types of Ongoing and Separate Evaluations (SOC2:2017.CC.4.1.8): 1
[error] Remediation (SOC2:2017.CC.4.2): 4
[check_circle] Assesses Results (SOC2:2017.CC.4.2.1): 2
[check_circle] Communicates Deficiencies (SOC2:2017.CC.4.2.2): 1
[error] Monitors Corrective Action (SOC2:2017.CC.4.2.3): 2

[error] Control Activities (SOC2:2017.CC.5): 17
[error] Objective Risk Mitigation (SOC2:2017.CC.5.1): 8
[check_circle] Integrates With Risk Assessment (SOC2:2017.CC.5.1.1): 1
[check_circle] Considers Entity-Specific Factors (SOC2:2017.CC.5.1.2): 3
[check_circle] Determines Relevant Business Processes (SOC2:2017.CC.5.1.3): 4
[check_circle] Evaluates a Mix of Control Activity Types (SOC2:2017.CC.5.1.4): 1
[check_circle] Considers at What Level Activities Are Applied (SOC2:2017.CC.5.1.5): 1
[check_circle] Addresses Segregation of Duties (SOC2:2017.CC.5.1.6): 1
[error] Technology Controls (SOC2:2017.CC.5.2): 4
[check_circle] Determines Dependency Between the Use of Technology in Business Processes and Technology General Controls (SOC2:2017.CC.5.2.1): 1
[error] Establishes Relevant Technology Infrastructure Control Activities (SOC2:2017.CC.5.2.2): 0
[error] Establishes Relevant Security Management Process Controls Activities (SOC2:2017.CC.5.2.3): 2
[check_circle] Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control Activities (SOC2:2017.CC.5.2.4): 1
[error] Established Policies (SOC2:2017.CC.5.3): 9
[error] Establishes Policies and Procedures to Support Deployment of Management's Directives (SOC2:2017.CC.5.3.1): 4
[check_circle] Establishes Responsibility and Accountability for Executing Policies and Procedures (SOC2:2017.CC.5.3.2): 2
[check_circle] Performs in a Timely Manner (SOC2:2017.CC.5.3.3): 1
[check_circle] Takes Corrective Action (SOC2:2017.CC.5.3.4): 3
[check_circle] Performs Using Competent Personnel (SOC2:2017.CC.5.3.5): 2
[error] Reassesses Policies and Procedures (SOC2:2017.CC.5.3.6): 0

[error] Logical & Physical Access (SOC2:2017.CC.6): 35
[error] Logical Access (SOC2:2017.CC.6.1): 17
[check_circle] Identifies and Manages the Inventory of Information Assets (SOC2:2017.CC.6.1.1): 1
[error] Restricts Logical Access (SOC2:2017.CC.6.1.2): 5
[error] Identifies and Authenticates Users (SOC2:2017.CC.6.1.3): 2
[check_circle] Considers Network Segmentation (SOC2:2017.CC.6.1.4): 1
[error] Manages Points of Access (SOC2:2017.CC.6.1.5): 3
[error] Restricts Access to Information Assets (SOC2:2017.CC.6.1.6): 3
[check_circle] Manages Identification and Authentication (SOC2:2017.CC.6.1.7): 2
[check_circle] Manages Credentials for Infrastructure and Software (SOC2:2017.CC.6.1.8): 2
[check_circle] Uses Encryption to Protect Data (SOC2:2017.CC.6.1.9): 4
[check_circle] Protects Encryption Keys (SOC2:2017.CC.6.1.10): 1
[error] User Access (SOC2:2017.CC.6.2): 6
[error] Controls Access Credentials to Protected Assets (SOC2:2017.CC.6.2.1): 4
[error] Removes Access to Protected Assets When Appropriate (SOC2:2017.CC.6.2.2): 1
[error] Reviews Appropriateness of Access Credentials (SOC2:2017.CC.6.2.3): 1
[error] Role-Based Access (SOC2:2017.CC.6.3): 6
[error] Creates or Modifies Access to Protected Information Assets (SOC2:2017.CC.6.3.1): 3
[check_circle] Removes Access to Protected Information Assets (SOC2:2017.CC.6.3.2): 2
[check_circle] Uses Role-Based Access Controls (SOC2:2017.CC.6.3.3): 2
[check_circle] Reviews Access Roles and Rules (SOC2:2017.CC.6.3.4): 1
[error] Physical Access (SOC2:2017.CC.6.4): 2
[error] Creates or Modifies Physical Access (SOC2:2017.CC.6.4.1): 1
[error] Removes Physical Access (SOC2:2017.CC.6.4.2): 1
[error] Reviews Physical Access (SOC2:2017.CC.6.4.3): 0
[check_circle] Data Disposal (SOC2:2017.CC.6.5): 3
[check_circle] Identifies Data and Software for Disposal (SOC2:2017.CC.6.5.1): 1
[check_circle] Removes Data and Software From Entity Control (SOC2:2017.CC.6.5.2): 3
[error] External Threats (SOC2:2017.CC.6.6): 6
[error] Restricts Access (SOC2:2017.CC.6.6.1): 2
[check_circle] Protects Identification and Authentication Credentials (SOC2:2017.CC.6.6.2): 2
[check_circle] Requires Additional Authentication or Credentials (SOC2:2017.CC.6.6.3): 1
[check_circle] Implements Boundary Protection Systems (SOC2:2017.CC.6.6.4): 1
[error] Data Custody and Transmission (SOC2:2017.CC.6.7): 9
[error] Restricts the Ability to Perform Transmission (SOC2:2017.CC.6.7.1): 3
[check_circle] Uses Encryption Technologies or Secure Communication Channels to Protect Data (SOC2:2017.CC.6.7.2): 4
[check_circle] Protects Removal Media (SOC2:2017.CC.6.7.3): 2
[check_circle] Protects Mobile Devices (SOC2:2017.CC.6.7.4): 1
[error] Malware Detection (SOC2:2017.CC.6.8): 7
[check_circle] Restricts Application and Software Installation (SOC2:2017.CC.6.8.1): 1
[error] Detects Unauthorized Changes to Software and Configuration Parameters (SOC2:2017.CC.6.8.2): 3
[check_circle] Uses a Defined Change Control Process (SOC2:2017.CC.6.8.3): 2
[check_circle] Uses Antivirus and Anti-Malware Software (SOC2:2017.CC.6.8.4): 1
[check_circle] Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software (SOC2:2017.CC.6.8.5): 1

[error] System Operations (SOC2:2017.CC.7): 16
[error] Vulnerability Detection (SOC2:2017.CC.7.1): 4
[error] Uses Defined Configuration Standards (SOC2:2017.CC.7.1.1): 2
[check_circle] Monitors Infrastructure and Software (SOC2:2017.CC.7.1.2): 2
[error] Implements Change-Detection Mechanisms (SOC2:2017.CC.7.1.3): 0
[check_circle] Detects Unknown or Unauthorized Components (SOC2:2017.CC.7.1.4): 1
[check_circle] Conducts Vulnerability Scans (SOC2:2017.CC.7.1.5): 1
[error] Anomaly Detection (SOC2:2017.CC.7.2): 7
[check_circle] Implements Detection Policies, Procedures, and Tools (SOC2:2017.CC.7.2.1): 2
[check_circle] Designs Detection Measures (SOC2:2017.CC.7.2.2): 2
[check_circle] Implements Filters to Analyze Anomalies (SOC2:2017.CC.7.2.3): 2
[error] Monitors Detection Tools for Effective Operation (SOC2:2017.CC.7.2.4): 4
[error] Security Incident Evaluation (SOC2:2017.CC.7.3): 2
[error] Responds to Security Incidents (SOC2:2017.CC.7.3.1): 1
[error] Communicates and Reviews Detected Security Events (SOC2:2017.CC.7.3.2): 2
[error] Develops and Implements Procedures to Analyze Security Incidents (SOC2:2017.CC.7.3.3): 1
[error] Assesses the Impact on Personal Information (SOC2:2017.CC.7.3.4): 2
[error] Determines Personal Information Used or Disclosed (SOC2:2017.CC.7.3.5): 0
[error] Security Incident Response Plan (SOC2:2017.CC.7.4): 5
[check_circle] Assigns Roles and Responsibilities (SOC2:2017.CC.7.4.1): 1
[error] Contains Security Incidents (SOC2:2017.CC.7.4.2): 1
[error] Mitigates Ongoing Security Incidents (SOC2:2017.CC.7.4.3): 1
[check_circle] Ends Threats Posed by Security Incidents (SOC2:2017.CC.7.4.4): 2
[error] Restores Operations (SOC2:2017.CC.7.4.5): 1
[check_circle] Develops and Implements Communication Protocols for Security Incidents (SOC2:2017.CC.7.4.6): 2
[error] Obtains Understanding of Nature of Incident and Determines Containment Strategy (SOC2:2017.CC.7.4.7): 1
[error] Remediates Identified Vulnerabilities (SOC2:2017.CC.7.4.8): 1
[error] Communicates Remediation Activities (SOC2:2017.CC.7.4.9): 1
[error] Evaluates the Effectiveness of Incident Response (SOC2:2017.CC.7.4.10): 0
[error] Periodically Evaluates Incidents (SOC2:2017.CC.7.4.11): 1
[error] Communicates Unauthorized Use and Disclosure (SOC2:2017.CC.7.4.12): 0
[error] Application of Sanctions (SOC2:2017.CC.7.4.13): 0
[error] Security Incident Response Execution (SOC2:2017.CC.7.5): 5
[check_circle] Restores the Affected Environment (SOC2:2017.CC.7.5.1): 3
[error] Communicates Information About the Event (SOC2:2017.CC.7.5.2): 1
[check_circle] Determines Root Cause of the Event (SOC2:2017.CC.7.5.3): 2
[error] Implements Changes to Prevent and Detect Recurrences (SOC2:2017.CC.7.5.4): 1
[error] Improves Response and Recovery Procedures (SOC2:2017.CC.7.5.5): 1
[error] Implements Incident Recovery Plan Testing (SOC2:2017.CC.7.5.6): 1

[error] Change Management (SOC2:2017.CC.8): 7
[error] Change Control (SOC2:2017.CC.8.1): 7
[check_circle] Manages Changes Throughout the System Lifecycle (SOC2:2017.CC.8.1.1): 1
[check_circle] Authorizes Changes (SOC2:2017.CC.8.1.2): 2
[check_circle] Designs and Develops Changes (SOC2:2017.CC.8.1.3): 2
[check_circle] Documents Changes (SOC2:2017.CC.8.1.4): 2
[error] Tracks System Changes (SOC2:2017.CC.8.1.5): 3
[error] Configures Software (SOC2:2017.CC.8.1.6): 0
[check_circle] Tests System Changes (SOC2:2017.CC.8.1.7): 3
[check_circle] Approves System Changes (SOC2:2017.CC.8.1.8): 2
[check_circle] Deploys System Changes (SOC2:2017.CC.8.1.9): 1
[check_circle] Identifies and Evaluates System Changes (SOC2:2017.CC.8.1.10): 1
[error] Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents (SOC2:2017.CC.8.1.11): 4
[error] Creates Baseline Configuration of IT Technology (SOC2:2017.CC.8.1.12): 1
[error] Provides for Changes Necessary in Emergency Situations (SOC2:2017.CC.8.1.13): 0
[error] Protects Confidential Information (SOC2:2017.CC.8.1.14): 0
[error] Protects Personal Information (SOC2:2017.CC.8.1.15): 0

[error] Risk Mitigation (SOC2:2017.CC.9): 13
[error] Disruption Risk Mitigation (SOC2:2017.CC.9.1): 3
[error] Considers Mitigation of Risks of Business Disruption (SOC2:2017.CC.9.1.1): 2
[check_circle] Considers the Use of Insurance to Mitigate Financial Impact Risks (SOC2:2017.CC.9.1.2): 1
[error] Vendor Risk Management (SOC2:2017.CC.9.2): 10
[error] Establishes Requirements for Vendor and Business Partner Engagements (SOC2:2017.CC.9.2.1): 3
[error] Assesses Vendor and Business Partner Risks (SOC2:2017.CC.9.2.2): 4
[check_circle] Assigns Responsibility and Accountability for Managing Vendors and Business Partners (SOC2:2017.CC.9.2.3): 3
[error] Establishes Communication Protocols for Vendors and Business Partners (SOC2:2017.CC.9.2.4): 4
[check_circle] Establishes Exception Handling Procedures From Vendors and Business Partners (SOC2:2017.CC.9.2.5): 1
[error] Assesses Vendor and Business Partner Performance (SOC2:2017.CC.9.2.6): 1
[check_circle] Implements Procedures for Addressing Issues Identified During Vendor and Business Partner Assessments (SOC2:2017.CC.9.2.7): 1
[check_circle] Implements Procedures for Terminating Vendor and Business Partner Relationships (SOC2:2017.CC.9.2.8): 2
[check_circle] Obtains Confidentiality Commitments from Vendors and Business Partners (SOC2:2017.CC.9.2.9): 1
[error] Assesses Compliance With Confidentiality Commitments of Vendors and Business Partners (SOC2:2017.CC.9.2.10): 1
[check_circle] Obtains Privacy Commitments from Vendors and Business Partners (SOC2:2017.CC.9.2.11): 1
[error] Assesses Compliance with Privacy Commitments of Vendors and Business Partners (SOC2:2017.CC.9.2.12)





SOC2 Availability



Availability (SOC2:2017.A): 10
[error] Planning, Environmental Safeguards & Recovery (SOC2:2017.A.1): 10
[error] Capacity Planning & Forecasting (SOC2:2017.A.1.1): 3
[error] Measures Current Usage (SOC2:2017.A.1.1.1): 2
[check_circle] Forecasts Capacity (SOC2:2017.A.1.1.2): 2
[check_circle] Makes Changes Based on Forecasts (SOC2:2017.A.1.1.3): 2
[error] Environmental Monitoring & Backups (SOC2:2017.A.1.2): 7
[check_circle] Identifies Environmental Threats (SOC2:2017.A.1.2.1): 1
[check_circle] Designs Detection Measures (SOC2:2017.A.1.2.2): 2
[check_circle] Implements and Maintains Environmental Protection Mechanisms (SOC2:2017.A.1.2.3): 2
[check_circle] Implements Alerts to Analyze Anomalies (SOC2:2017.A.1.2.4): 1
[error] Responds to Environmental Threat Events (SOC2:2017.A.1.2.5): 2
[check_circle] Communicates and Reviews Detected Environmental Threat Events (SOC2:2017.A.1.2.6): 1
[check_circle] Determines Data Requiring Backup (SOC2:2017.A.1.2.7): 1
[error] Performs Data Backup (SOC2:2017.A.1.2.8): 2
[check_circle] Addresses Offsite Storage (SOC2:2017.A.1.2.9): 1
[error] Implements Alternate Processing Infrastructure (SOC2:2017.A.1.2.10): 2
[error] Recovery Testing (SOC2:2017.A.1.3): 3
[error] Implements Business Continuity Plan Testing (SOC2:2017.A.1.3.1): 2
[check_circle] Tests Integrity and Completeness of Backup Data (SOC2:2017.A.1.3.2)




SOC2 Confidentiality



Confidentiality (SOC2:2017.C): 6
[circle] Information (SOC2:2017.C.1): 6
[circle] Confidential Information Identification (SOC2:2017.C.1.1): 6
[circle] Identifies Confidential Information (SOC2:2017.C.1.1.1): 3
[circle] Protects Confidential Information From Destruction (SOC2:2017.C.1.1.2): 3
[circle] Confidential Information Disposal (SOC2:2017.C.1.2): 2
[circle] Identifies Confidential Information for Destruction (SOC2:2017.C.1.2.1): 2
[circle] Destroys Confidential Information (SOC2:2017.C.1.2.2)








SOC2 Processing Integrity




Processing Integrity (SOC2:2017.PI): 11
[circle] Processing Inputs & Outputs (SOC2:2017.PI.1): 11
[circle] Monitoring (SOC2:2017.PI.1.1): 4
[circle] Identifies Information Specifications (SOC2:2017.PI.1.1.1): 0
[circle] Defines Information Necessary to Support the Use of a Good or Product (SOC2:2017.PI.1.1.2): 4
[circle] Defines Information Necessary to Support the Use of a Good or Product (SOC2:2017.PI.1.1.3): 0
[circle] Accuracy (SOC2:2017.PI.1.2): 1
[circle] Defines Characteristics of Processing Inputs (SOC2:2017.PI.1.2.1): 1
[circle] Evaluates Processing Inputs (SOC2:2017.PI.1.2.2): 1
[circle] Creates and Maintains Records of System Inputs (SOC2:2017.PI.1.2.3): 1
[circle] Operations (SOC2:2017.PI.1.3): 2
[circle] Defines Processing Specifications (SOC2:2017.PI.1.3.1): 1
[circle] Defines Processing Activities (SOC2:2017.PI.1.3.2): 1
[circle] Detects and Corrects Production Errors (SOC2:2017.PI.1.3.3): 2
[circle] Records System Processing Activities (SOC2:2017.PI.1.3.4): 1
[circle] Processes Inputs (SOC2:2017.PI.1.3.5): 1
[circle] Outputs (SOC2:2017.PI.1.4): 4
[circle] Protects Output (SOC2:2017.PI.1.4.1): 2
[circle] Distributes Output Only to Intended Parties (SOC2:2017.PI.1.4.2): 1
[circle] Distributes Output Completely and Accurately (SOC2:2017.PI.1.4.3): 1
[circle] Creates and Maintains Records of System Output Activities (SOC2:2017.PI.1.4.4): 0
[circle] Backups (SOC2:2017.PI.1.5): 2
[circle] Protects Stored Items (SOC2:2017.PI.1.5.1): 1
[circle] Archives and Protects System Records (SOC2:2017.PI.1.5.2): 1
[circle] Stores Data Completely and Accurately (SOC2:2017.PI.1.5.3): 1
[circle] Creates and Maintains Records of System Storage Activities (SOC2:2017.PI.1.5.4)



SOC2 Privacy



Privacy (SOC2:2017.P): 7
[circle] Notice & Communication (SOC2:2017.P.1): 0
[circle] Privacy Notification (SOC2:2017.P.1.1): 0
[circle] Communicates to Data Subjects (SOC2:2017.P.1.1.1): 0
[circle] Provides Notice to Data Subjects (SOC2:2017.P.1.1.2): 0
[circle] Covers Entities and Activities in Notice (SOC2:2017.P.1.1.3): 0
[circle] Uses Clear and Conspicuous Language (SOC2:2017.P.1.1.4): 0
[circle] Choice & Consent (SOC2:2017.P.2): 0
[circle] Privacy Consent and Choice (SOC2:2017.P.2.1): 0
[circle] Communicates to Data Subjects (SOC2:2017.P.2.1.1): 0
[circle] Communicates Consequences of Denying or Withdrawing Consent (SOC2:2017.P.2.1.2): 0
[circle] Obtains Implicit or Explicit Consent (SOC2:2017.P.2.1.3): 0
[circle] Documents and Obtains Consent for New Purposes and Uses (SOC2:2017.P.2.1.4): 0
[circle] Obtains Explicit Consent for Sensitive Information (SOC2:2017.P.2.1.5): 0
[circle] Obtains Consent for Data Transfers (SOC2:2017.P.2.1.6): 0
[circle] Collection (SOC2:2017.P.3): 0
[circle] Personal Information Collection (SOC2:2017.P.3.1): 0
[circle] Limits the Collection of Personal Information (SOC2:2017.P.3.1.1): 0
[circle] Collects Information by Fair and Lawful Means (SOC2:2017.P.3.1.2): 0
[circle] Collects Information From Reliable Sources (SOC2:2017.P.3.1.3): 0
[circle] Informs Data Subjects When Additional Information Is Acquired (SOC2:2017.P.3.1.4): 0
[circle] Explicit Consent (SOC2:2017.P.3.2): 0
[circle] Obtains Explicit Consent for Sensitive Information (SOC2:2017.P.3.2.1): 0
[circle] Documents Explicit Consent to Retain Information (SOC2:2017.P.3.2.2): 0
[circle] Use, Retention & Disposal (SOC2:2017.P.4): 2
[circle] Proper Use of Personal Information (SOC2:2017.P.4.1): 0
[circle] Uses Personal Information for Intended Purposes (SOC2:2017.P.4.1.1): 0
[circle] Personal Information Retention (SOC2:2017.P.4.2): 2
[circle] Retains Personal Information (SOC2:2017.P.4.2.1): 1
[circle] Protects Personal Information (SOC2:2017.P.4.2.2): 1
[circle] Personal Information Disposal (SOC2:2017.P.4.3): 2
[circle] Captures, Identifies, and Flags Requests for Deletion (SOC2:2017.P.4.3.1): 2
[circle] Disposes of, Destroys, and Redacts Personal Information (SOC2:2017.P.4.3.2): 0
[circle] Destroys Personal Information (SOC2:2017.P.4.3.3): 0
[circle] Access (SOC2:2017.P.5): 1
[circle] Data Subject Access (SOC2:2017.P.5.1): 1
[circle] Authenticates Data Subjects' Identity (SOC2:2017.P.5.1.1): 0
[circle] Permits Data Subjects Access to Their Personal Information (SOC2:2017.P.5.1.2): 1
[circle] Provides Understandable Personal Information Within Reasonable Time (SOC2:2017.P.5.1.3): 0
[circle] Informs Data Subjects If Access Is Denied (SOC2:2017.P.5.1.4): 0
[circle] Data Subject Amendment (SOC2:2017.P.5.2): 1
[circle] Communicates Denial of Access Requests (SOC2:2017.P.5.2.1): 1
[circle] Permits Data Subjects to Update or Correct Personal Information (SOC2:2017.P.5.2.2): 1
[circle] Communicates Denial of Correction Requests (SOC2:2017.P.5.2.3): 1
[circle] Disclosure & Notification (SOC2:2017.P.6): 3
[circle] Consent for Third Party Disclosure (SOC2:2017.P.6.1): 1
[circle] Communicates Privacy Policies to Third Parties (SOC2:2017.P.6.1.1): 0
[circle] Discloses Personal Information Only When Appropriate (SOC2:2017.P.6.1.2): 0
[circle] Discloses Personal Information Only to Appropriate Third Parties (SOC2:2017.P.6.1.3): 1
[circle] Discloses Information to Third Parties for New Purposes and Uses (SOC2:2017.P.6.1.4): 0
[circle] Authorized Disclosures (SOC2:2017.P.6.2): 0
[circle] Creates and Retains Record of Authorized Disclosures (SOC2:2017.P.6.2.1): 0
[circle] Unauthorized Disclosures (SOC2:2017.P.6.3): 1
[circle] Creates and Retains Record of Detected or Reported Unauthorized Disclosures (SOC2:2017.P.6.3.1): 1
[circle] Appropriate Third Party Disclosure (SOC2:2017.P.6.4): 1
[circle] Discloses Personal Information Only to Appropriate Third Parties (SOC2:2017.P.6.4.1): 1
[circle] Remediates Misuse of Personal Information by a Third Party (SOC2:2017.P.6.4.2): 0
[circle] Unauthorized Third Party Disclosure (SOC2:2017.P.6.5): 2
[circle] Remediates Misuse of Personal Information by a Third Party (SOC2:2017.P.6.5.1): 1
[circle] Reports Actual or Suspected Unauthorized Disclosures (SOC2:2017.P.6.5.2): 1
[circle] Notification of Unauthorized Third Party Disclosure (SOC2:2017.P.6.6): 0
[circle] Remediates Misuse of Personal Information by a Third Party (SOC2:2017.P.6.6.1): 0
[circle] Provides Notice of Breaches and Incidents (SOC2:2017.P.6.6.2): 0
[circle] Accounting of Personal Information (SOC2:2017.P.6.7): 0
[circle] Identifies Types of Personal Information and Handling Process (SOC2:2017.P.6.7.1): 0
[circle] Captures, Identifies, and Communicates Requests for Information (SOC2:2017.P.6.7.2): 0
[circle] Quality (SOC2:2017.P.7): 1
[circle] Accuracy of Personal Information (SOC2:2017.P.7.1): 1
[circle] Ensures Accuracy and Completeness of Personal Information (SOC2:2017.P.7.1.1): 1
[circle] Ensures Relevance of Personal Information (SOC2:2017.P.7.1.2): 0
[circle] Monitoring & Enforcement (SOC2:2017.P.8): 2
[circle] Personal Information Dispute Resolution (SOC2:2017.P.8.1): 2
[circle] Communicates to Data Subjects (SOC2:2017.P.8.1.1): 0
[circle] Addresses Inquiries, Complaints, and Disputes (SOC2:2017.P.8.1.2): 0
[circle] Documents and Communicates Dispute Resolution and Recourse (SOC2:2017.P.8.1.3): 0
[circle] Documents and Reports Compliance Review Results (SOC2:2017.P.8.1.4): 1
[circle] Documents and Reports Instances of Noncompliance (SOC2:2017.P.8.1.5): 1
[circle] Performs Ongoing Monitoring (SOC2:2017.P.8.1.6)




 

Data Sources

