SOC 2 (AICPA Trust Services Criteria)
An attestation framework for service organizations based on five Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy. The Common Criteria (the CC series) form the mandatory security baseline.
Who it applies to
Service organizations, notably SaaS and cloud providers, that store or process customer data and must demonstrate their security through an independent audit report. Demanded by customers and procurement rather than required by law.
CC1 Control Environment
CC6 Logical & Physical Access
- CC6.1 Logical access security controls
Logical access security software, infrastructure and architectures restrict access to protected information assets.
- CC6.6 Boundary protection
The entity implements controls to protect against threats from sources outside its system boundaries.
- CC6.7 Restricting data transmission
The entity restricts the transmission, movement and removal of information and protects it during transmission, including via encryption.
CC7 System Operations
- CC7.1 Vulnerability detection and monitoring
The entity uses detection and monitoring procedures to identify configuration changes and new vulnerabilities.
- CC7.2 Security event monitoring
The entity monitors system components for anomalies indicative of malicious acts, natural disasters and errors.