SOC 2 Compliance Controls and Business Policies: A Critical Connection
IT Chronicles has posted an article from Trustero highlighting the key connection between compliance controls and business policies.
SOC 2 Controls: Regular User Access Reviews
This SOC 2 control focuses on ensuring your company regularly reviews who has access to critical IT infrastructure. For this control, your company must log these reviews and take any actions to resolve any access issues discovered during a review.
There are many ways to word such a control, and you should work with your auditor to find the precise wording for your company. The control’s wording must be precise, concise, and authoritative.
SOC 2 Controls: Access Removal for Terminated or Transferred Users
This SOC 2 control focuses on ensuring the timely removal of access rights from users who have been terminated and those who have been transferred to new roles. The control also stipulates that removal or revision of access rights takes place in a timely fashion, typically within one business day, and is both verified and documented.
SOC 2 Controls: Encryption of Data at Rest
Understanding controls is integral to the completion and success of your SOC 2 audit. This first entry into a series of control blogs dives deep into the Encryption of Data at Rest control, which is pivotal for protecting stored data within companies. Learn why this control matters, who it affects and more.