Notes
SOC2 Security
SecuritySOC2:2017.CC
71
Control EnvironmentSOC2:2017.CC.1
12
Integrity and EthicsSOC2:2017.CC.1.1
4
Sets the Tone at the TopSOC2:2017.CC.1.1.1
2
Establishes Standards of ConductSOC2:2017.CC.1.1.2
1
Evaluates Adherence to Standards of ConductSOC2:2017.CC.1.1.3
2
Addresses Deviations in a Timely MannerSOC2:2017.CC.1.1.4
1
Considers Contractors and Vendor Employees in Demonstrating Its CommitmentSOC2:2017.CC.1.1.5
1
Board IndependenceSOC2:2017.CC.1.2
1
Establishes Oversight ResponsibilitiesSOC2:2017.CC.1.2.1
1
Applies Relevant ExpertiseSOC2:2017.CC.1.2.2
1
Operates IndependentlySOC2:2017.CC.1.2.3
1
Supplements Board ExpertiseSOC2:2017.CC.1.2.4
0
Organizational StructureSOC2:2017.CC.1.3
3
Considers All Structures of the EntitySOC2:2017.CC.1.3.1
1
Establishes Reporting LinesSOC2:2017.CC.1.3.2
1
Defines, Assigns, and Limits Authorities and ResponsibilitiesSOC2:2017.CC.1.3.3
2
Addresses Specific Requirements When Defining Authorities and ResponsibilitiesSOC2:2017.CC.1.3.4
0
Considers Interactions With External Parties When Establishing Structures, Reporting Lines, Authorities, and ResponsibilitiesSOC2:2017.CC.1.3.5
1
Hiring, Training and RetentionSOC2:2017.CC.1.4
4
Establishes Policies and PracticesSOC2:2017.CC.1.4.1
2
Evaluates Competence and Addresses ShortcomingsSOC2:2017.CC.1.4.2
1
Attracts, Develops, and Retains IndividualsSOC2:2017.CC.1.4.3
1
Plans and Prepares for SuccessionSOC2:2017.CC.1.4.4
0
Considers the Background of IndividualsSOC2:2017.CC.1.4.5
1
Considers the Technical Competency of IndividualsSOC2:2017.CC.1.4.6
1
Provides Training to Maintain Technical CompetenciesSOC2:2017.CC.1.4.7
0
Individual AccountabilitySOC2:2017.CC.1.5
4
Enforces Accountability Through Structures, Authorities, and ResponsibilitiesSOC2:2017.CC.1.5.1
4
Establishes Performance Measures, Incentives, and RewardsSOC2:2017.CC.1.5.2
1
Evaluates Performance Measures, Incentives, and Rewards for Ongoing RelevanceSOC2:2017.CC.1.5.3
1
Considers Excessive PressuresSOC2:2017.CC.1.5.4
1
Evaluates Performance and Rewards or Disciplines IndividualsSOC2:2017.CC.1.5.5
1
Communication & InformationSOC2:2017.CC.2
15
Use of Information SystemsSOC2:2017.CC.2.1
2
Identifies Information RequirementsSOC2:2017.CC.2.1.1
1
Captures Internal and External Sources of DataSOC2:2017.CC.2.1.2
0
Processes Relevant Data Into InformationSOC2:2017.CC.2.1.3
0
Maintains Quality Throughout ProcessingSOC2:2017.CC.2.1.4
1
Use of Communication Systems, InternalSOC2:2017.CC.2.2
11
Communicates Internal Control InformationSOC2:2017.CC.2.2.1
4
Communicates With the Board of DirectorsSOC2:2017.CC.2.2.2
0
Provides Separate Communication LinesSOC2:2017.CC.2.2.3
2
Selects Relevant Method of CommunicationSOC2:2017.CC.2.2.4
1
Communicates ResponsibilitiesSOC2:2017.CC.2.2.5
2
Communicates Information on Reporting Failures, Incidents, Concerns, and Other MattersSOC2:2017.CC.2.2.6
2
Communicates Objectives and Changes to ObjectivesSOC2:2017.CC.2.2.7
0
Communicates Information to Improve Security Knowledge and AwarenessSOC2:2017.CC.2.2.8
1
Communicates Information About System Operation and BoundariesSOC2:2017.CC.2.2.9
4
Communicates System ObjectivesSOC2:2017.CC.2.2.10
2
Communicates System ChangesSOC2:2017.CC.2.2.11
0
Use of Communication Systems, ExternalSOC2:2017.CC.2.3
6
Communicates to External PartiesSOC2:2017.CC.2.3.1
1
Enables Inbound CommunicationsSOC2:2017.CC.2.3.2
1
Communicates With the Board of DirectorsSOC2:2017.CC.2.3.3
2
Provides Separate Communication LinesSOC2:2017.CC.2.3.4
1
Selects Relevant Method of CommunicationSOC2:2017.CC.2.3.5
1
Communicates Objectives Related to Confidentiality and Changes to ObjectivesSOC2:2017.CC.2.3.6
1
Communicates Objectives Related to Privacy and Changes to ObjectivesSOC2:2017.CC.2.3.7
0
Communicates Information About System Operation and BoundariesSOC2:2017.CC.2.3.8
1
Communicates System ObjectivesSOC2:2017.CC.2.3.9
1
Communicates System ResponsibilitiesSOC2:2017.CC.2.3.10
2
Communicates Information on Reporting System Failures, Incidents, Concerns, and Other MattersSOC2:2017.CC.2.3.11
1
Risk AssessmentSOC2:2017.CC.3
7
ObjectivesSOC2:2017.CC.3.1
2
Reflects Management's ChoicesSOC2:2017.CC.3.1.1
0
Considers Tolerances for RiskSOC2:2017.CC.3.1.2
1
Includes Operations and Financial Performance GoalsSOC2:2017.CC.3.1.3
0
Forms a Basis for Committing of ResourcesSOC2:2017.CC.3.1.4
0
Complies With Applicable Accounting StandardsSOC2:2017.CC.3.1.5
0
Considers MaterialitySOC2:2017.CC.3.1.6
0
Reflects Entity ActivitiesSOC2:2017.CC.3.1.7
0
Complies With Externally Established FrameworksSOC2:2017.CC.3.1.8
0
Considers the Required Level of PrecisionSOC2:2017.CC.3.1.9
1
Reflects Entity ActivitiesSOC2:2017.CC.3.1.10
0
Reflects Management's ChoicesSOC2:2017.CC.3.1.11
1
Considers the Required Level of PrecisionSOC2:2017.CC.3.1.12
0
Reflects Entity ActivitiesSOC2:2017.CC.3.1.13
0
Reflects External Laws and RegulationsSOC2:2017.CC.3.1.14
0
Considers Tolerances for RiskSOC2:2017.CC.3.1.15
1
Establishes Sub-objectives to Support ObjectivesSOC2:2017.CC.3.1.16
0
Risk to ObjectivesSOC2:2017.CC.3.2
7
Includes Entity, Subsidiary, Division, Operating Unit, and Functional LevelsSOC2:2017.CC.3.2.1
3
Analyzes Internal and External FactorsSOC2:2017.CC.3.2.2
1
Involves Appropriate Levels of ManagementSOC2:2017.CC.3.2.3
2
Estimates Significance of Risks IdentifiedSOC2:2017.CC.3.2.4
1
Determines How to Respond to RisksSOC2:2017.CC.3.2.5
0
Identifies and Assesses Criticality of Information Assets and Identifies Threats and VulnerabilitiesSOC2:2017.CC.3.2.6
5
Analyzes Threats and Vulnerabilities From Vendors, Business Partners, and Other PartiesSOC2:2017.CC.3.2.7
1
Considers the Significance of the RiskSOC2:2017.CC.3.2.8
1
Fraud Risk to ObjectivesSOC2:2017.CC.3.3
1
Considers Various Types of FraudSOC2:2017.CC.3.3.1
1
Assesses Incentives and PressuresSOC2:2017.CC.3.3.2
1
Assesses OpportunitiesSOC2:2017.CC.3.3.3
1
Assesses Attitudes and RationalizationsSOC2:2017.CC.3.3.4
1
Considers the Risks Related to the Use of IT and Access to InformationSOC2:2017.CC.3.3.5
1
Impact of ChangesSOC2:2017.CC.3.4
2
Assesses Changes in the External EnvironmentSOC2:2017.CC.3.4.1
1
Assesses Changes in the Business ModelSOC2:2017.CC.3.4.2
1
Assesses Changes in LeadershipSOC2:2017.CC.3.4.3
0
Assess Changes in Systems and TechnologySOC2:2017.CC.3.4.4
1
Assess Changes in Vendor and Business Partner RelationshipsSOC2:2017.CC.3.4.5
2
Monitoring ActivitiesSOC2:2017.CC.4
7
MonitoringSOC2:2017.CC.4.1
5
Considers a Mix of Ongoing and Separate EvaluationsSOC2:2017.CC.4.1.1
3
Considers Rate of ChangeSOC2:2017.CC.4.1.2
1
Establishes Baseline UnderstandingSOC2:2017.CC.4.1.3
4
Uses Knowledgeable PersonnelSOC2:2017.CC.4.1.4
0
Integrates With Business ProcessesSOC2:2017.CC.4.1.5
1
Adjusts Scope and FrequencySOC2:2017.CC.4.1.6
1
Objectively EvaluatesSOC2:2017.CC.4.1.7
1
Considers Different Types of Ongoing and Separate EvaluationsSOC2:2017.CC.4.1.8
1
RemediationSOC2:2017.CC.4.2
4
Assesses ResultsSOC2:2017.CC.4.2.1
2
Communicates DeficienciesSOC2:2017.CC.4.2.2
1
Monitors Corrective ActionSOC2:2017.CC.4.2.3
2
Control ActivitiesSOC2:2017.CC.5
17
Objective Risk MitigationSOC2:2017.CC.5.1
8
Integrates With Risk AssessmentSOC2:2017.CC.5.1.1
1
Considers Entity-Specific FactorsSOC2:2017.CC.5.1.2
3
Determines Relevant Business ProcessesSOC2:2017.CC.5.1.3
4
Evaluates a Mix of Control Activity TypesSOC2:2017.CC.5.1.4
1
Considers at What Level Activities Are AppliedSOC2:2017.CC.5.1.5
1
Addresses Segregation of DutiesSOC2:2017.CC.5.1.6
1
Technology ControlsSOC2:2017.CC.5.2
4
Determines Dependency Between the Use of Technology in Business Processes and Technology General ControlsSOC2:2017.CC.5.2.1
1
Establishes Relevant Technology Infrastructure Control ActivitiesSOC2:2017.CC.5.2.2
0
Establishes Relevant Security Management Process Controls ActivitiesSOC2:2017.CC.5.2.3
2
Establishes Relevant Technology Acquisition, Development, and Maintenance Process Control ActivitiesSOC2:2017.CC.5.2.4
1
Established PoliciesSOC2:2017.CC.5.3
9
Establishes Policies and Procedures to Support Deployment of Management's DirectivesSOC2:2017.CC.5.3.1
4
Establishes Responsibility and Accountability for Executing Policies and ProceduresSOC2:2017.CC.5.3.2
2
Performs in a Timely MannerSOC2:2017.CC.5.3.3
1
Takes Corrective ActionSOC2:2017.CC.5.3.4
3
Performs Using Competent PersonnelSOC2:2017.CC.5.3.5
2
Reassesses Policies and ProceduresSOC2:2017.CC.5.3.6
0
Logical & Physical AccessSOC2:2017.CC.6
35
Logical AccessSOC2:2017.CC.6.1
17
Identifies and Manages the Inventory of Information AssetsSOC2:2017.CC.6.1.1
1
Restricts Logical AccessSOC2:2017.CC.6.1.2
5
Identifies and Authenticates UsersSOC2:2017.CC.6.1.3
2
Considers Network SegmentationSOC2:2017.CC.6.1.4
1
Manages Points of AccessSOC2:2017.CC.6.1.5
3
Restricts Access to Information AssetsSOC2:2017.CC.6.1.6
3
Manages Identification and AuthenticationSOC2:2017.CC.6.1.7
2
Manages Credentials for Infrastructure and SoftwareSOC2:2017.CC.6.1.8
2
Uses Encryption to Protect DataSOC2:2017.CC.6.1.9
4
Protects Encryption KeysSOC2:2017.CC.6.1.10
1
User AccessSOC2:2017.CC.6.2
6
Controls Access Credentials to Protected AssetsSOC2:2017.CC.6.2.1
4
Removes Access to Protected Assets When AppropriateSOC2:2017.CC.6.2.2
1
Reviews Appropriateness of Access CredentialsSOC2:2017.CC.6.2.3
1
Role-Based AccessSOC2:2017.CC.6.3
6
Creates or Modifies Access to Protected Information AssetsSOC2:2017.CC.6.3.1
3
Removes Access to Protected Information AssetsSOC2:2017.CC.6.3.2
2
Uses Role-Based Access ControlsSOC2:2017.CC.6.3.3
2
Reviews Access Roles and RulesSOC2:2017.CC.6.3.4
1
Physical AccessSOC2:2017.CC.6.4
2
Creates or Modifies Physical AccessSOC2:2017.CC.6.4.1
1
Removes Physical AccessSOC2:2017.CC.6.4.2
1
Reviews Physical AccessSOC2:2017.CC.6.4.3
0
Data DisposalSOC2:2017.CC.6.5
3
Identifies Data and Software for DisposalSOC2:2017.CC.6.5.1
1
Removes Data and Software From Entity ControlSOC2:2017.CC.6.5.2
3
External ThreatsSOC2:2017.CC.6.6
6
Restricts AccessSOC2:2017.CC.6.6.1
2
Protects Identification and Authentication CredentialsSOC2:2017.CC.6.6.2
2
Requires Additional Authentication or CredentialsSOC2:2017.CC.6.6.3
1
Implements Boundary Protection SystemsSOC2:2017.CC.6.6.4
1
Data Custody and TransmissionSOC2:2017.CC.6.7
9
Restricts the Ability to Perform TransmissionSOC2:2017.CC.6.7.1
3
Uses Encryption Technologies or Secure Communication Channels to Protect DataSOC2:2017.CC.6.7.2
4
Protects Removal MediaSOC2:2017.CC.6.7.3
2
Protects Mobile DevicesSOC2:2017.CC.6.7.4
1
Malware DetectionSOC2:2017.CC.6.8
7
Restricts Application and Software InstallationSOC2:2017.CC.6.8.1
1
Detects Unauthorized Changes to Software and Configuration ParametersSOC2:2017.CC.6.8.2
3
Uses a Defined Change Control ProcessSOC2:2017.CC.6.8.3
2
Uses Antivirus and Anti-Malware SoftwareSOC2:2017.CC.6.8.4
1
Scans Information Assets from Outside the Entity for Malware and Other Unauthorized SoftwareSOC2:2017.CC.6.8.5
1
System OperationsSOC2:2017.CC.7
16
Vulnerability DetectionSOC2:2017.CC.7.1
4
Uses Defined Configuration StandardsSOC2:2017.CC.7.1.1
2
Monitors Infrastructure and SoftwareSOC2:2017.CC.7.1.2
2
Implements Change-Detection MechanismsSOC2:2017.CC.7.1.3
0
Detects Unknown or Unauthorized ComponentsSOC2:2017.CC.7.1.4
1
Conducts Vulnerability ScansSOC2:2017.CC.7.1.5
1
Anomaly DetectionSOC2:2017.CC.7.2
7
Implements Detection Policies, Procedures, and ToolsSOC2:2017.CC.7.2.1
2
Designs Detection MeasuresSOC2:2017.CC.7.2.2
2
Implements Filters to Analyze AnomaliesSOC2:2017.CC.7.2.3
2
Monitors Detection Tools for Effective OperationSOC2:2017.CC.7.2.4
4
Security Incident EvaluationSOC2:2017.CC.7.3
2
Responds to Security IncidentsSOC2:2017.CC.7.3.1
1
Communicates and Reviews Detected Security EventsSOC2:2017.CC.7.3.2
2
Develops and Implements Procedures to Analyze Security IncidentsSOC2:2017.CC.7.3.3
1
Assesses the Impact on Personal InformationSOC2:2017.CC.7.3.4
2
Determines Personal Information Used or DisclosedSOC2:2017.CC.7.3.5
0
Security Incident Response PlanSOC2:2017.CC.7.4
5
Assigns Roles and ResponsibilitiesSOC2:2017.CC.7.4.1
1
Contains Security IncidentsSOC2:2017.CC.7.4.2
1
Mitigates Ongoing Security IncidentsSOC2:2017.CC.7.4.3
1
Ends Threats Posed by Security IncidentsSOC2:2017.CC.7.4.4
2
Restores OperationsSOC2:2017.CC.7.4.5
1
Develops and Implements Communication Protocols for Security IncidentsSOC2:2017.CC.7.4.6
2
Obtains Understanding of Nature of Incident and Determines Containment StrategySOC2:2017.CC.7.4.7
1
Remediates Identified VulnerabilitiesSOC2:2017.CC.7.4.8
1
Communicates Remediation ActivitiesSOC2:2017.CC.7.4.9
1
Evaluates the Effectiveness of Incident ResponseSOC2:2017.CC.7.4.10
0
Periodically Evaluates IncidentsSOC2:2017.CC.7.4.11
1
Communicates Unauthorized Use and DisclosureSOC2:2017.CC.7.4.12
0
Application of SanctionsSOC2:2017.CC.7.4.13
0
Security Incident Response ExecutionSOC2:2017.CC.7.5
5
Restores the Affected EnvironmentSOC2:2017.CC.7.5.1
3
Communicates Information About the EventSOC2:2017.CC.7.5.2
1
Determines Root Cause of the EventSOC2:2017.CC.7.5.3
2
Implements Changes to Prevent and Detect RecurrencesSOC2:2017.CC.7.5.4
1
Improves Response and Recovery ProceduresSOC2:2017.CC.7.5.5
1
Implements Incident Recovery Plan TestingSOC2:2017.CC.7.5.6
1
Change ManagementSOC2:2017.CC.8
7
Change ControlSOC2:2017.CC.8.1
7
Manages Changes Throughout the System LifecycleSOC2:2017.CC.8.1.1
1
Authorizes ChangesSOC2:2017.CC.8.1.2
2
Designs and Develops ChangesSOC2:2017.CC.8.1.3
2
Documents ChangesSOC2:2017.CC.8.1.4
2
Tracks System ChangesSOC2:2017.CC.8.1.5
3
Configures SoftwareSOC2:2017.CC.8.1.6
0
Tests System ChangesSOC2:2017.CC.8.1.7
3
Approves System ChangesSOC2:2017.CC.8.1.8
2
Deploys System ChangesSOC2:2017.CC.8.1.9
1
Identifies and Evaluates System ChangesSOC2:2017.CC.8.1.10
1
Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate IncidentsSOC2:2017.CC.8.1.11
4
Creates Baseline Configuration of IT TechnologySOC2:2017.CC.8.1.12
1
Provides for Changes Necessary in Emergency SituationsSOC2:2017.CC.8.1.13
0
Protects Confidential InformationSOC2:2017.CC.8.1.14
0
Protects Personal InformationSOC2:2017.CC.8.1.15
0
Risk MitigationSOC2:2017.CC.9
13
Disruption Risk MitigationSOC2:2017.CC.9.1
3
Considers Mitigation of Risks of Business DisruptionSOC2:2017.CC.9.1.1
2
Considers the Use of Insurance to Mitigate Financial Impact RisksSOC2:2017.CC.9.1.2
1
Vendor Risk ManagementSOC2:2017.CC.9.2
10
Establishes Requirements for Vendor and Business Partner EngagementsSOC2:2017.CC.9.2.1
3
Assesses Vendor and Business Partner RisksSOC2:2017.CC.9.2.2
4
Assigns Responsibility and Accountability for Managing Vendors and Business PartnersSOC2:2017.CC.9.2.3
3
Establishes Communication Protocols for Vendors and Business PartnersSOC2:2017.CC.9.2.4
4
Establishes Exception Handling Procedures From Vendors and Business PartnersSOC2:2017.CC.9.2.5
1
Assesses Vendor and Business Partner PerformanceSOC2:2017.CC.9.2.6
1
Implements Procedures for Addressing Issues Identified During Vendor and Business Partner AssessmentsSOC2:2017.CC.9.2.7
1
Implements Procedures for Terminating Vendor and Business Partner RelationshipsSOC2:2017.CC.9.2.8
2
Obtains Confidentiality Commitments from Vendors and Business PartnersSOC2:2017.CC.9.2.9
1
Assesses Compliance With Confidentiality Commitments of Vendors and Business PartnersSOC2:2017.CC.9.2.10
1
Obtains Privacy Commitments from Vendors and Business PartnersSOC2:2017.CC.9.2.11
1
Assesses Compliance with Privacy Commitments of Vendors and Business PartnersSOC2:2017.CC.9.2.12
SOC2 Availability
AvailabilitySOC2:2017.A
10
Planning, Environmental Safeguards & RecoverySOC2:2017.A.1
10
Capacity Planning & ForecastingSOC2:2017.A.1.1
3
Measures Current UsageSOC2:2017.A.1.1.1
2
Forecasts CapacitySOC2:2017.A.1.1.2
2
Makes Changes Based on ForecastsSOC2:2017.A.1.1.3
2
Environmental Monitoring & BackupsSOC2:2017.A.1.2
7
Identifies Environmental ThreatsSOC2:2017.A.1.2.1
1
Designs Detection MeasuresSOC2:2017.A.1.2.2
2
Implements and Maintains Environmental Protection MechanismsSOC2:2017.A.1.2.3
2
Implements Alerts to Analyze AnomaliesSOC2:2017.A.1.2.4
1
Responds to Environmental Threat EventsSOC2:2017.A.1.2.5
2
Communicates and Reviews Detected Environmental Threat EventsSOC2:2017.A.1.2.6
1
Determines Data Requiring BackupSOC2:2017.A.1.2.7
1
Performs Data BackupSOC2:2017.A.1.2.8
2
Addresses Offsite StorageSOC2:2017.A.1.2.9
1
Implements Alternate Processing InfrastructureSOC2:2017.A.1.2.10
2
Recovery TestingSOC2:2017.A.1.3
3
Implements Business Continuity Plan TestingSOC2:2017.A.1.3.1
2
Tests Integrity and Completeness of Backup DataSOC2:2017.A.1.3.2
SOC 2 Confidentiality
ConfidentialitySOC2:2017.C
6
InformationSOC2:2017.C.1
6
Confidential Information IdentificationSOC2:2017.C.1.1
6
Identifies Confidential InformationSOC2:2017.C.1.1.1
3
Protects Confidential Information From DestructionSOC2:2017.C.1.1.2
3
Confidential Information DisposalSOC2:2017.C.1.2
2
Identifies Confidential Information for DestructionSOC2:2017.C.1.2.1
2
Destroys Confidential InformationSOC2:2017.C.1.2.2
SOC2 Processing Integrity
Processing IntegritySOC2:2017.PI
11
Processing Inputs & OutputsSOC2:2017.PI.1
11
MonitoringSOC2:2017.PI.1.1
4
Identifies Information SpecificationsSOC2:2017.PI.1.1.1
0
Defines Information Necessary to Support the Use of a Good or ProductSOC2:2017.PI.1.1.2
4
Defines Information Necessary to Support the Use of a Good or ProductSOC2:2017.PI.1.1.3
0
AccuracySOC2:2017.PI.1.2
1
Defines Characteristics of Processing InputsSOC2:2017.PI.1.2.1
1
Evaluates Processing InputsSOC2:2017.PI.1.2.2
1
Creates and Maintains Records of System InputsSOC2:2017.PI.1.2.3
1
OperationsSOC2:2017.PI.1.3
2
Defines Processing SpecificationsSOC2:2017.PI.1.3.1
1
Defines Processing ActivitiesSOC2:2017.PI.1.3.2
1
Detects and Corrects Production ErrorsSOC2:2017.PI.1.3.3
2
Records System Processing ActivitiesSOC2:2017.PI.1.3.4
1
Processes InputsSOC2:2017.PI.1.3.5
1
OutputsSOC2:2017.PI.1.4
4
Protects OutputSOC2:2017.PI.1.4.1
2
Distributes Output Only to Intended PartiesSOC2:2017.PI.1.4.2
1
Distributes Output Completely and AccuratelySOC2:2017.PI.1.4.3
1
Creates and Maintains Records of System Output ActivitiesSOC2:2017.PI.1.4.4
0
BackupsSOC2:2017.PI.1.5
2
Protects Stored ItemsSOC2:2017.PI.1.5.1
1
Archives and Protects System RecordsSOC2:2017.PI.1.5.2
1
Stores Data Completely and AccuratelySOC2:2017.PI.1.5.3
1
Creates and Maintains Records of System Storage ActivitiesSOC2:2017.PI.1.5.4
SOC2 Privacy
PrivacySOC2:2017.P
7
Notice & CommunicationSOC2:2017.P.1
0
Privacy NotificationSOC2:2017.P.1.1
0
Communicates to Data SubjectsSOC2:2017.P.1.1.1
0
Provides Notice to Data SubjectsSOC2:2017.P.1.1.2
0
Covers Entities and Activities in NoticeSOC2:2017.P.1.1.3
0
Uses Clear and Conspicuous LanguageSOC2:2017.P.1.1.4
0
Choice & ConsentSOC2:2017.P.2
0
Privacy Consent and ChoiceSOC2:2017.P.2.1
0
Communicates to Data SubjectsSOC2:2017.P.2.1.1
0
Communicates Consequences of Denying or Withdrawing ConsentSOC2:2017.P.2.1.2
0
Obtains Implicit or Explicit ConsentSOC2:2017.P.2.1.3
0
Documents and Obtains Consent for New Purposes and UsesSOC2:2017.P.2.1.4
0
Obtains Explicit Consent for Sensitive InformationSOC2:2017.P.2.1.5
0
Obtains Consent for Data TransfersSOC2:2017.P.2.1.6
0
CollectionSOC2:2017.P.3
0
Personal Information CollectionSOC2:2017.P.3.1
0
Limits the Collection of Personal InformationSOC2:2017.P.3.1.1
0
Collects Information by Fair and Lawful MeansSOC2:2017.P.3.1.2
0
Collects Information From Reliable SourcesSOC2:2017.P.3.1.3
0
Informs Data Subjects When Additional Information Is AcquiredSOC2:2017.P.3.1.4
0
Explicit ConsentSOC2:2017.P.3.2
0
Obtains Explicit Consent for Sensitive InformationSOC2:2017.P.3.2.1
0
Documents Explicit Consent to Retain InformationSOC2:2017.P.3.2.2
0
Use, Retention & DisposalSOC2:2017.P.4
2
Proper Use of Personal InformationSOC2:2017.P.4.1
0
Uses Personal Information for Intended PurposesSOC2:2017.P.4.1.1
0
Personal Information RetentionSOC2:2017.P.4.2
2
Retains Personal InformationSOC2:2017.P.4.2.1
1
Protects Personal InformationSOC2:2017.P.4.2.2
1
Personal Information DisposalSOC2:2017.P.4.3
2
Captures, Identifies, and Flags Requests for DeletionSOC2:2017.P.4.3.1
2
Disposes of, Destroys, and Redacts Personal InformationSOC2:2017.P.4.3.2
0
Destroys Personal InformationSOC2:2017.P.4.3.3
0
AccessSOC2:2017.P.5
1
Data Subject AccessSOC2:2017.P.5.1
1
Authenticates Data Subjects' IdentitySOC2:2017.P.5.1.1
0
Permits Data Subjects Access to Their Personal InformationSOC2:2017.P.5.1.2
1
Provides Understandable Personal Information Within Reasonable TimeSOC2:2017.P.5.1.3
0
Informs Data Subjects If Access Is DeniedSOC2:2017.P.5.1.4
0
Data Subject AmendmentSOC2:2017.P.5.2
1
Communicates Denial of Access RequestsSOC2:2017.P.5.2.1
1
Permits Data Subjects to Update or Correct Personal InformationSOC2:2017.P.5.2.2
1
Communicates Denial of Correction RequestsSOC2:2017.P.5.2.3
1
Disclosure & NotificationSOC2:2017.P.6
3
Consent for Third Party DisclosureSOC2:2017.P.6.1
1
Communicates Privacy Policies to Third PartiesSOC2:2017.P.6.1.1
0
Discloses Personal Information Only When AppropriateSOC2:2017.P.6.1.2
0
Discloses Personal Information Only to Appropriate Third PartiesSOC2:2017.P.6.1.3
1
Discloses Information to Third Parties for New Purposes and UsesSOC2:2017.P.6.1.4
0
Authorized DisclosuresSOC2:2017.P.6.2
0
Creates and Retains Record of Authorized DisclosuresSOC2:2017.P.6.2.1
0
Unauthorized DisclosuresSOC2:2017.P.6.3
1
Creates and Retains Record of Detected or Reported Unauthorized DisclosuresSOC2:2017.P.6.3.1
1
Appropriate Third Party DisclosureSOC2:2017.P.6.4
1
Discloses Personal Information Only to Appropriate Third PartiesSOC2:2017.P.6.4.1
1
Remediates Misuse of Personal Information by a Third PartySOC2:2017.P.6.4.2
0
Unauthorized Third Party DisclosureSOC2:2017.P.6.5
2
Remediates Misuse of Personal Information by a Third PartySOC2:2017.P.6.5.1
1
Reports Actual or Suspected Unauthorized DisclosuresSOC2:2017.P.6.5.2
1
Notification of Unauthorized Third Party DisclosureSOC2:2017.P.6.6
0
Remediates Misuse of Personal Information by a Third PartySOC2:2017.P.6.6.1
0
Provides Notice of Breaches and IncidentsSOC2:2017.P.6.6.2
0
Accounting of Personal InformationSOC2:2017.P.6.7
0
Identifies Types of Personal Information and Handling ProcessSOC2:2017.P.6.7.1
0
Captures, Identifies, and Communicates Requests for InformationSOC2:2017.P.6.7.2
0
QualitySOC2:2017.P.7
1
Accuracy of Personal InformationSOC2:2017.P.7.1
1
Ensures Accuracy and Completeness of Personal InformationSOC2:2017.P.7.1.1
1
Ensures Relevance of Personal InformationSOC2:2017.P.7.1.2
0
Monitoring & EnforcementSOC2:2017.P.8
2
Personal Information Dispute ResolutionSOC2:2017.P.8.1
2
Communicates to Data SubjectsSOC2:2017.P.8.1.1
0
Addresses Inquiries, Complaints, and DisputesSOC2:2017.P.8.1.2
0
Documents and Communicates Dispute Resolution and RecourseSOC2:2017.P.8.1.3
0
Documents and Reports Compliance Review ResultsSOC2:2017.P.8.1.4
1
Documents and Reports Instances of NoncomplianceSOC2:2017.P.8.1.5
1
Performs Ongoing MonitoringSOC2:2017.P.8.1.6