SOC 2 Criteria
We go deep into each Trust Services Criteria, stop guessing what will be covered on your SOC 2 & dive in.
14 articles in this collection
Written by AJ Yawn and Jeff Cook
Written by AJ Yawn and Jeff Cook
AICPA SOC 2 Trust Services Criteria 101
The AICPA Trust Services Criteria. It’s what drives SOC 2 reports.
Written by Jeff Cook
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC1.0 (Control Environment)
The CC1 series in the trust services criteria establishes the foundation of the control environment for the organization
Written by Jeff Cook
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC2.0 (Communication & Information)
The CC2 series in the trust services criteria establishes the foundation of the control environment for the organization.
Written by Jeff Cook
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC3.0
CC3 series is focused on your holistic risk management and risk assessment processes and procedures.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC4.0 (Monitoring Activities)
Overview of CC4.0 (Monitoring Activities)
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC5.0 (Control Activities)
The CC5 series focuses on the policies and procedures documented and in place.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC6.0 (Logical and Physical Access Controls)
Ever wonder which section of your SOC 2 report your auditors are terrified of? This is that section.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC7.0 (System Operations)
System Operations” is vague, we understand that. In a SOC 2 examination, systems operations refer to the following concepts and processes.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC8.0 (Change Management)
The SOC 2 Criterion that covers your SDLC process.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About SOC 2 Trust Service Criteria CC9.0 (Risk Mitigation)
The CC9 series is focused on your holistic risk mitigation processes and procedures.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About Availability SOC 2 Trust Service Criteria
The addition of Availability in scope is generally an easy uplift for companies hosted on the cloud.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
Everything You Need to Know About Confidentiality SOC 2 Trust Service Criteria
We will break down each Confidentiality criteria in simple terms so you know what to expect from your SOC 2 auditors.
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
What is the Difference Between SOC 2 Privacy & SOC 2 Confidentiality
The differences between Privacy and Confidentiality, and a few key reasons why it is important to understand those differences
Written by AJ Yawn
Updated over a week ago
Updated over a week ago
What is the Difference Between SOC 2 Security & SOC 2 Confidentiality
The differences between Security and Confidentiality, and also explain a few key reasons why it is important to understand those differences
Written by AJ Yawn
Updated over a week ago
Updated over a week ago