SOC2® | Compliance | Fluid Attacks Help

SOC2®

logo

Summary

These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems used by the organization to process users' data, as well as the confidentiality and privacy of the information processed by these systems. The version used in this section is 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (last revisions made in March 2020).

Definitions

Definition Requirements
CC2_3. Communication and information 318. Notify third parties of changes
CC5_1. Control activities 062. Define standard configurations
CC5_2. Control activities 062. Define standard configurations
CC6_1. Logical and physical access controls 228. Authenticate using standard protocols
231. Implement a biometric verification component
264. Request authentication
CC6_2. Logical and physical access controls 034. Manage user accounts
095. Define users with privileges
114. Deny access with inactive credentials
122. Validate credential ownership
CC6_3. Logical and physical access controls 186. Use the principle of least privilege
341. Use the principle of deny by default
CC6_4. Logical and physical access controls 231. Implement a biometric verification component
CC6_5. Logical and physical access controls 144. Remove inactive accounts periodically
CC6_6. Logical and physical access controls 115. Filter malicious emails
253. Restrict network access
257. Access based on user credentials
CC6_7. Logical and physical access controls 181. Transmit data using secure protocols
CC6_8. Logical and physical access controls 115. Filter malicious emails
155. Application free of malicious code
C1_1. Additional criteria for confidentiality 185. Encrypt sensitive information
300. Mask sensitive data
375. Remove sensitive data from client-side applications
C1_2. Additional criteria for confidentiality 183. Delete sensitive data securely
210. Delete information from mobile devices
P1_1. Additional criteria for privacy (related to notice and communication of objectives related to privacy) 186. Use the principle of least privilege
P2_1. Additional criteria for privacy (related to choice and consent) 310. Request user consent
P3_1. Additional criteria for privacy (related to collection) 360. Remove unnecessary sensitive information
P3_2. Additional criteria for privacy (related to collection) 310. Request user consent
P4_1. Additional criteria for privacy (related to use, retention, and disposal) 189. Specify the purpose of data collection
310. Request user consent
314. Provide processing confirmation
315. Provide processed data information
P4_2. Additional criteria for privacy (related to use, retention, and disposal) 229. Request access credentials
300. Mask sensitive data
P4_3. Additional criteria for privacy (related to use, retention, and disposal) 183. Delete sensitive data securely
317. Allow erasure requests
318. Notify third parties of changes
360. Remove unnecessary sensitive information
P5_2. Additional criteria for privacy (related to access) 316. Allow rectification requests
P6_1. Additional criteria for privacy (related to disclosure and notification) 189. Specify the purpose of data collection
310. Request user consent
P6_2. Additional criteria for privacy (related to disclosure and notification) 079. Record exact occurrence time of events
311. Demonstrate user consent
P6_3. Additional criteria for privacy (related to disclosure and notification) 079. Record exact occurrence time of events
P6_5. Additional criteria for privacy (related to disclosure and notification) 318. Notify third parties of changes
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.