Once your organization has decided that you are ready to pursue a SOC 2 attestation, the first thing you have to decide is which of the five Trust Services Criteria (TSP) you want to include in your SOC 2 audit report. Becoming familiar with the categories of security, availability, confidentiality, processing integrity, and privacy should be one of the first steps in your scoping process. On a basic level, you can think about the Trust Services Criteria in terms of these concepts:
Security – Is the system protected, both physically and logically, against unauthorized access?
Availability – Is the system available for operation and use as agreed upon?
Confidentiality – Is the information that’s designated as confidential protected as agreed upon?
Processing Integrity – Are the processing services provided in a complete, accurate, and timely manner?
Privacy – Is personal information collected, used, retained, disclosed, and destroyed in accordance with the service organization’s