SOC 2 Controls: Encryption of Data at Rest – An Updated Guide
Learn how the SOC 2 “Encryption of Data at Rest” control helps protect your data and your business, and how to get it right.
Compliance Controls: Business Benefits and Best Practices
Controls enable compliance with SOC 2, ISO 27001 and other industry security frameworks. Learn why controls matter and how to get them right.
SOC 2 Controls: Access Removal for Terminated or Transferred Users – An Updated Guide
Learn what the Access Removal for Terminated or Transferred Users SOC 2 control does, why it matters, who manages it, and how to implement it.
SOC 2 Controls: “Regular User Access Reviews” – An Updated Guide
Struggling with a “Regular User Access Reviews” control?
Learn what it’s about, why it matters, and who needs to do what for you to handle it fast.
SOC 2 Compliance Controls and Business Policies: A Critical Connection
IT Chronicles has posted an article from Trustero highlighting the key connection between compliance controls and business policies.
SOC 2 Controls: Regular User Access Reviews
This SOC 2 control focuses on ensuring your company regularly reviews who has access to critical IT infrastructure. For this control, your company must log these reviews and take any actions to resolve any access issues discovered during a review.
There are many ways to word such a control, and you should work with your auditor to find the precise wording for your company. The control’s wording must be precise, concise, and authoritative.
SOC 2 Controls: Access Removal for Terminated or Transferred Users
This SOC 2 control focuses on ensuring the timely removal of access rights from users who have been terminated and those who have been transferred to new roles. The control also stipulates that removal or revision of access rights takes place in a timely fashion, typically within one business day, and is both verified and documented.
SOC 2 Controls: Encryption of Data at Rest
Understanding controls is integral to the completion and success of your SOC 2 audit. This first entry into a series of control blogs dives deep into the Encryption of Data at Rest control, which is pivotal for protecting stored data within companies. Learn why this control matters, who it affects and more.