SOC 2 Academy: Taking Inventory of Physical Devices

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.4 One of the first steps of the SOC 2 audit process is scoping the engagement, which tells auditors what people, processes, and technologies will be included in the assessment. Because auditors will assess an organization’s compliance with the 2017 Trust Services Criteria, organizations need to demonstrate that they comply with common criteria 6.4. Common criteria 6.4 says, “The entity restricts physical access to facilities and protected information…

Read More

SOC 2 Academy: Physical Security Controls

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.4 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.4. Common criteria 6.4 says, “The entity restricts physical access to facilities and protected information assets (for example, data center facilities, backup media storage, and other sensitive locations)…

Read More

SOC 2 Academy: Assigning Roles and Responsibilities

by Joseph Kirkpatrick / December 16, 2022

Common Criteria 6.3 During a SOC 2 audit engagement, an auditor will validate that an organization complies with the common criteria listed in the 2017 SOC 2 Trust Services Criteria, which means that they will assess an organization’s compliance with common criteria 6.3. Common criteria 6.3 says, “The entity authorizes, modifies, or removes access to data, software, functions, and other protected information assets based on roles, responsibilities, or the system…

Read More