SOC 2 Criteria

We go deep into each of the Trust Services Criteria. Stop guessing what will be covered on your SOC 2 and dive in.

14 articles in this collection
Written by AJ Yawn and Jeff Cook

AICPA SOC 2 Trust Services Criteria 101

The AICPA Trust Services Criteria. It’s what drives SOC 2 reports.
Written by Jeff Cook
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC1.0 (Control Environment)

The CC1 series in the trust services criteria establishes the foundation of the control environment for the organization.
Written by Jeff Cook
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC2.0 (Communication & Information)

The CC2 series in the trust services criteria establishes the foundation of the control environment for the organization.
Written by Jeff Cook
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC3.0

The CC3 series is focused on your holistic risk management and risk assessment processes and procedures.
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC4.0 (Monitoring Activities)

Overview of CC4.0 (Monitoring Activities)
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC5.0 (Control Activities)

The CC5 series focuses on the policies and procedures documented and in place.
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC6.0 (Logical and Physical Access Controls)

Ever wonder which section of your SOC 2 report your auditors are terrified of? This is that section.
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC7.0 (System Operations)

“System Operations” is vague, we understand that. In a SOC 2 examination, system operations refers to the following concepts and processes.
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC8.0 (Change Management)

The SOC 2 Criterion that covers your SDLC process.
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About SOC 2 Trust Service Criteria CC9.0 (Risk Mitigation)

The CC9 series is focused on your holistic risk mitigation processes and procedures.
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About Availability SOC 2 Trust Service Criteria

The addition of Availability in scope is generally an easy uplift for companies hosted on the cloud.
Written by AJ Yawn
Updated over a week ago

Everything You Need to Know About Confidentiality SOC 2 Trust Service Criteria

We will break down each Confidentiality criterion in simple terms so you know what to expect from your SOC 2 auditors.
Written by AJ Yawn
Updated over a week ago

What is the Difference Between SOC 2 Privacy & SOC 2 Confidentiality

The differences between Privacy and Confidentiality, and a few key reasons why it is important to understand those differences.
Written by AJ Yawn
Updated over a week ago

What is the Difference Between SOC 2 Security & SOC 2 Confidentiality

The differences between Security and Confidentiality, and a few key reasons why it is important to understand those differences.
Written by AJ Yawn
Updated over a week ago