Learn

SOC 2

Browse 61 published controls in this framework.

Control IDTitle
A1.1SOC 2 A1.1: Capacity & Performance Monitoring
A1.2SOC 2 A1.2: Environmental Protections & Recovery Infrastructure
A1.3SOC 2 A1.3: Recovery Plan Testing | GRCWatch
C1.1SOC 2 C1.1: Confidential Information Identification
C1.2SOC 2 C1.2: Confidential Information Disposal
CC1.1SOC 2 CC1.1: Integrity & Ethical Values Control
CC1.2SOC 2 CC1.2: Board Independence & Oversight
CC1.3SOC 2 CC1.3: Organizational Structures & Authorities
CC1.4SOC 2 CC1.4: Commitment to Competence | GRCWatch
CC1.5SOC 2 CC1.5: Individual Accountability for Internal Control
CC2.1SOC 2 CC2.1: Quality Information for Internal Controls
CC2.2SOC 2 CC2.2: Internal Communication Control
CC2.3SOC 2 CC2.3: External Communication Control
CC3.1SOC 2 CC3.1: Specification of Objectives
CC3.2SOC 2 CC3.2: Risk Identification and Analysis
CC3.3SOC 2 CC3.3: Fraud Risk Assessment Control
CC3.4SOC 2 CC3.4: Change Risk Assessment Control
CC4.1SOC 2 CC4.1: Ongoing & Separate Evaluations
CC4.2SOC 2 CC4.2: Control Deficiency Evaluation & Communication
CC5.1SOC 2 CC5.1: Selection of Control Activities
CC5.2SOC 2 CC5.2: Technology General Controls
CC5.3SOC 2 CC5.3: Control Deployment Through Policies
CC6.1SOC 2 CC6.1: Logical Access Security Infrastructure
CC6.2SOC 2 CC6.2: User Registration & Authorization Control
CC6.3SOC 2 CC6.3: Access Rights Management Control
CC6.4SOC 2 CC6.4: Physical Access Restriction Control
CC6.5SOC 2 CC6.5: Asset Decommissioning Controls
CC6.6SOC 2 CC6.6: External Threat Protection Controls
CC6.7CC6.7: Information Transmission Restrictions | SOC 2
CC6.8SOC 2 CC6.8: Malicious Software Prevention Control
CC7.1SOC 2 CC7.1: Vulnerability & Configuration Monitoring
CC7.2SOC 2 CC7.2: Anomaly Monitoring & Analysis
CC7.3CC7.3 Security Event Evaluation | SOC 2 Control
CC7.4SOC 2 CC7.4: Incident Response Control
CC7.5SOC 2 CC7.5: Incident Recovery Control
CC8.1SOC 2 CC8.1: Change Management Process Compliance
CC9.1SOC 2 CC9.1: Business Disruption Risk Mitigation
CC9.2SOC 2 CC9.2: Vendor & Business Partner Risk Management
P1.1SOC 2 P1.1 Privacy Notice Control | GRCWatch
P2.1SOC 2 P2.1: Privacy Choices and Consent Control
P3.1SOC 2 P3.1: Personal Information Collection
P3.2SOC 2 P3.2: Explicit Consent for Data Collection
P4.1SOC 2 P4.1: Limit Personal Information Use
P4.2SOC 2 P4.2: Personal Information Retention
P4.3SOC 2 P4.3: Personal Information Disposal
P5.1SOC 2 P5.1: Data Subject Access Control
P5.2SOC 2 P5.2: Personal Information Correction Control
P6.1SOC 2 P6.1: Disclosure with Consent | Compliance Guide
P6.2SOC 2 P6.2: Authorized Disclosures Record
P6.3SOC 2 P6.3: Unauthorized Disclosure Records
P6.4SOC 2 P6.4: Minimum Necessary Disclosure Control
P6.5SOC 2 P6.5: Vendor Privacy Commitments Control
P6.6SOC 2 P6.6 Breach Notification Control
P6.7SOC 2 P6.7: Personal Information Accounting & Disclosure
P7.1SOC 2 P7.1: Personal Information Quality Control
P8.1SOC 2 P8.1: Privacy Complaint Resolution Process
PI1.1SOC 2 PI1.1: Quality Information for Processing Integrity
PI1.2SOC 2 PI1.2: System Input Controls | GRCWatch
PI1.3PI1.3 System Processing Controls | SOC 2
PI1.4SOC 2 PI1.4: Output Completeness & Accuracy
PI1.5SOC 2 PI1.5: Storage Completeness & Accuracy