SOC 2

What is SOC 2?

What does it cover?
• Security
• Privacy
• Availability
• Processing Integrity
• Confidentiality

Who needs one?
Organizations that store, process, or transmit any kind of customer data, e.g., SaaS companies, data hosting or processing providers, cloud storage services, etc.

Benefits of SOC 2

Type 1 vs Type 2

| SOC 2 | Type 1 | Type 2 |
|---|---|---|
| What? | Attests that your internal controls have been effectively designed to meet SOC 2 requirements at a particular point in time | Tests both the design and operating effectiveness of internal controls over a period (typically 6-12 months) |
| Why? | Starting your SOC 2 journey | Completed Type 1 |
| Monitoring Period | Point in time | 6-12 months |

Approach

Phase 1 - Planning
• Specifying Applicable Trust Service Principles
• Scoping

Phase 2 - Walkthroughs & Control Testing
• Documentation Review
• Stakeholder Interview
• Evidence Collection

Phase 3 - Reporting
• Gap Assessment Report
• Recommendations

Security Domains

• Governance
• Incident Response & Recovery
• Cryptography
• Software Development & Change Management
• Risk Management
• Endpoint Security + Anti Malware
• Capacity Management
• Backup Management
• Compliance
• Data Security
• HR & Physical Security
• Security Monitoring
• Asset Management
• Business Continuity & Disaster Recovery
• Network Security
• Vulnerability Management
• Security Audits
• Security Awareness & Training
• Access Management
• Information Classification
