SOC 2 principles
1. Security: The system must protect the confidentiality, integrity, and availability of the data it stores and processes.
2. Availability: The system must be available for use when needed by authorized users.
3. Processing Integrity: The system must accurately process the data it receives and maintain the security of that data throughout its processing.
4. Confidentiality: The system must protect the confidentiality of the data it stores and processes from unauthorized access.
5. Privacy: The system must protect the privacy of the personal information it collects and stores from unauthorized access and use.
SOC controls are operational policies and procedures that help ensure the security, availability, and processing integrity of systems. They are also sometimes referred to as security safeguards or countermeasures. Learn more about SOC principles from Trustnetinc certified professionals.
There are five common categories of SOC controls:
1. Identification and authentication controls: These controls help ensure that only authorized users can access system resources.
2. Access controls: These controls help prevent unauthorized access to system resources.
3. Data security controls: These controls help protect the confidentiality, integrity, and availability of data.
4. System security controls: These controls help secure the system against attacks and vulnerabilities.
5. Business continuity and disaster recovery controls: These controls help ensure that the system can continue to operate in the event of an unexpected outage or disaster.
The specific controls that must be implemented will vary depending on the particular system and its environment. However, all systems should have controls in place for each of the five categories listed above.