A1.1 | SOC 2 A1.1: Capacity & Performance Monitoring |
A1.2 | SOC 2 A1.2: Environmental Protections & Recovery Infrastructure |
A1.3 | SOC 2 A1.3: Recovery Plan Testing | GRCWatch |
C1.1 | SOC 2 C1.1: Confidential Information Identification |
C1.2 | SOC 2 C1.2: Confidential Information Disposal |
CC1.1 | SOC 2 CC1.1: Integrity & Ethical Values Control |
CC1.2 | SOC 2 CC1.2: Board Independence & Oversight |
CC1.3 | SOC 2 CC1.3: Organizational Structures & Authorities |
CC1.4 | SOC 2 CC1.4: Commitment to Competence | GRCWatch |
CC1.5 | SOC 2 CC1.5: Individual Accountability for Internal Control |
CC2.1 | SOC 2 CC2.1: Quality Information for Internal Controls |
CC2.2 | SOC 2 CC2.2: Internal Communication Control |
CC2.3 | SOC 2 CC2.3: External Communication Control |
CC3.1 | SOC 2 CC3.1: Specification of Objectives |
CC3.2 | SOC 2 CC3.2: Risk Identification and Analysis |
CC3.3 | SOC 2 CC3.3: Fraud Risk Assessment Control |
CC3.4 | SOC 2 CC3.4: Change Risk Assessment Control |
CC4.1 | SOC 2 CC4.1: Ongoing & Separate Evaluations |
CC4.2 | SOC 2 CC4.2: Control Deficiency Evaluation & Communication |
CC5.1 | SOC 2 CC5.1: Selection of Control Activities |
CC5.2 | SOC 2 CC5.2: Technology General Controls |
CC5.3 | SOC 2 CC5.3: Control Deployment Through Policies |
CC6.1 | SOC 2 CC6.1: Logical Access Security Infrastructure |
CC6.2 | SOC 2 CC6.2: User Registration & Authorization Control |
CC6.3 | SOC 2 CC6.3: Access Rights Management Control |
CC6.4 | SOC 2 CC6.4: Physical Access Restriction Control |
CC6.5 | SOC 2 CC6.5: Asset Decommissioning Controls |
CC6.6 | SOC 2 CC6.6: External Threat Protection Controls |
CC6.7 | CC6.7: Information Transmission Restrictions | SOC 2 |
CC6.8 | SOC 2 CC6.8: Malicious Software Prevention Control |
CC7.1 | SOC 2 CC7.1: Vulnerability & Configuration Monitoring |
CC7.2 | SOC 2 CC7.2: Anomaly Monitoring & Analysis |
CC7.3 | CC7.3 Security Event Evaluation | SOC 2 Control |
CC7.4 | SOC 2 CC7.4: Incident Response Control |
CC7.5 | SOC 2 CC7.5: Incident Recovery Control |
CC8.1 | SOC 2 CC8.1: Change Management Process Compliance |
CC9.1 | SOC 2 CC9.1: Business Disruption Risk Mitigation |
CC9.2 | SOC 2 CC9.2: Vendor & Business Partner Risk Management |
P1.1 | SOC 2 P1.1 Privacy Notice Control | GRCWatch |
P2.1 | SOC 2 P2.1: Privacy Choices and Consent Control |
P3.1 | SOC 2 P3.1: Personal Information Collection |
P3.2 | SOC 2 P3.2: Explicit Consent for Data Collection |
P4.1 | SOC 2 P4.1: Limit Personal Information Use |
P4.2 | SOC 2 P4.2: Personal Information Retention |
P4.3 | SOC 2 P4.3: Personal Information Disposal |
P5.1 | SOC 2 P5.1: Data Subject Access Control |
P5.2 | SOC 2 P5.2: Personal Information Correction Control |
P6.1 | SOC 2 P6.1: Disclosure with Consent | Compliance Guide |
P6.2 | SOC 2 P6.2: Authorized Disclosures Record |
P6.3 | SOC 2 P6.3: Unauthorized Disclosure Records |
P6.4 | SOC 2 P6.4: Minimum Necessary Disclosure Control |
P6.5 | SOC 2 P6.5: Vendor Privacy Commitments Control |
P6.6 | SOC 2 P6.6 Breach Notification Control |
P6.7 | SOC 2 P6.7: Personal Information Accounting & Disclosure |
P7.1 | SOC 2 P7.1: Personal Information Quality Control |
P8.1 | SOC 2 P8.1: Privacy Complaint Resolution Process |
PI1.1 | SOC 2 PI1.1: Quality Information for Processing Integrity |
PI1.2 | SOC 2 PI1.2: System Input Controls | GRCWatch |
PI1.3 | PI1.3 System Processing Controls | SOC 2 |
PI1.4 | SOC 2 PI1.4: Output Completeness & Accuracy |
PI1.5 | SOC 2 PI1.5: Storage Completeness & Accuracy |