FAQ: What is covered in the Availability criteria?

The availability criteria address how you ensure that the in-scope data and systems stay online, and how they are recovered should something go awry.

  1. Disaster recovery: An organization should have a plan in place to recover from a disaster or other catastrophic event that could impact the availability of its systems and data. This might include measures such as redundant systems, backup and recovery procedures, and testing to ensure that these measures are effective.
  2. Maintenance: An organization should have a process in place for performing maintenance on its systems in a way that minimizes the impact on availability. This might include scheduling maintenance during off-peak hours, performing maintenance on a rolling basis to minimize disruption, and providing advance notice of planned maintenance to users.
  3. Performance monitoring: An organization should have a system in place for monitoring the performance of its systems and data to ensure that they are available and functioning properly. This might include monitoring response times, error rates, and other performance metrics.
  4. Capacity planning: An organization should have a process in place for ensuring that its systems and data have the capacity to meet the needs of its users. This might involve identifying future capacity needs and implementing measures to meet those needs, such as adding hardware or upgrading software.

Additional FAQs

What are the costs of SOC 2?

There are a lot of factors that go into responding to this question. There are audit, consulting, software, internal resources, and other factors to consider which can easily grow from

Are Representation Letters Required in SSAE 18?

Previously, in SSAE-16, a Management Representation Letter was highly recommended and common practice; however, it was not explicitly required to be obtained except in certain existing subject matter sections. This

How does a company get SOC 2 certified?

SOC 2 is not a certification; it's a third-party attestation of the controls in place at your organization. Typically when a company is asking this question though the answer

How long does a SOC 1 take to complete?

This depends on how prepared an organization is and how many resources it has to dedicate to the project. The first time through, usually a readiness assessment would be performed, and then
