User at 08:15, 7 December 2021

2021-12-07T08:15:22Z

User: Created page with "Developed by the American Institute of CPAs (AICPA), '''SOC 2''' defines criteria for managing customer data based on five “trust service..."

2021-12-07T07:56:23Z

Created page with "Developed by the American Institute of CPAs (AICPA), '''SOC 2''' defines criteria for managing customer data based on five “trust service..."

New page

Developed by the American Institute of CPAs (AICPA), '''SOC 2''' defines criteria for [[Customer Data Management (CDM)|managing customer data]] based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

← Older revision		Revision as of 08:15, 7 December 2021
Line 1:		Line 1:
	Developed by the American Institute of CPAs (AICPA), '''SOC 2''' defines criteria for [[Customer Data Management (CDM)\|managing customer data]] based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.		Developed by the American Institute of CPAs (AICPA), '''SOC 2''' defines criteria for [[Customer Data Management (CDM)\|managing customer data]] based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.
		+
		+
		+	== The Importance of SOC 2<ref>Why is SOC 2 compliance important? [https://instapage.com/blog/soc-2-compliance Instapage]</ref> ==
		+	Meeting SOC 2 compliance means establishing processes and practices that guarantee oversight across a company, guaranteeing customers that their data is protected from any unusual, unauthorized, or suspicious activity. To ensure businesses meet SOC 2 requirements, you need to receive alerts whenever unauthorized access to customer data occurs. SOC 2 compliant companies are required to set up alerts for:
		+	*Exposure or modification of data, controls, configurations
		+	*File transfer activities
		+	*Privileged filesystem, account, or login access
		+
		+
		+	== SOC 2 Security Criterion: a 4-Step Checklist<ref>SOC 2 Security Criterion: a 4-Step Checklist [https://www.checkpoint.com/cyber-hub/cyber-security/what-is-soc-2-compliance/ Checkpoint]</ref> ==
		+	Security is the basis of SOC 2 compliance and is a broad standard common to all five Trust Service Criteria.
		+	SOC 2 security principles focus on preventing the unauthorized use of assets and data handled by the organization. This principle requires organizations to implement access controls to prevent malicious attacks, unauthorized deletion of data, misuse, unauthorized alteration or disclosure of company information. Here is a basic SOC 2 compliance checklist, which includes controls covering safety standards:
		+	*Access controls—logical and physical restrictions on assets to prevent access by unauthorized personnel.
		+	*Change management—a controlled process for managing changes to IT systems, and methods for preventing unauthorized changes.
		+	*System operations—controls that can monitor ongoing operations, detect and resolve any deviations from organizational procedures.
		+	*Mitigating risk—methods and activities that allow the organization to identify risks, as well as respond and mitigate them, while addressing any subsequent business.
		+	Keep in mind that SOC 2 criteria do not prescribe exactly what an organization should do—they are open to interpretation.
		+
		+
		+	What does SOC 2 certification entail?
		+	The SOC 2 certification is awarded to businesses by outside auditors upon assessing the extent to which they comply with one or more of these five trust principles:

SOC 2 - Revision history

User at 08:15, 7 December 2021

User: Created page with "Developed by the American Institute of CPAs (AICPA), '''SOC 2''' defines criteria for managing customer data based on five “trust service..."