SOC 2 Controls: Regular User Access Reviews

SOC 2 Controls: Regular User Access Reviews

This SOC 2 control focuses on ensuring your company regularly reviews who has access to critical IT infrastructure. For this control, your company must log these reviews and take any actions to resolve any access issues discovered during a review.
There are many ways to word such a control, and you should work with your auditor to find the precise wording for your company. The control’s wording must be precise, concise, and authoritative.

Continue Reading »

SOC 2 Controls: Encryption of Data at Rest

Understanding controls is integral to the completion and success of your SOC 2 audit. This first entry into a series of control blogs dives deep into the Encryption of Data at Rest control, which is pivotal for protecting stored data within companies. Learn why this control matters, who it affects and more.

Continue Reading »