Another series we will post about periodically covers potential controls that would be expected to be in place almost regardless of the entity in question.
This one is very basic, to help get everyone up to speed; future posts will delve into areas that may be a little more advanced.
Example: Firewalls are in place at all externally facing access points.
The point of this control is to ensure that the organization uses firewalls to help prevent hacking attempts and, in turn, the theft of data. Companies outsourcing their workloads want comfort that the company performing the work has adequate security measures in place to lower the chance of their data being stolen.
Firewalls are some of the most basic devices that need to be in place at a business to protect data. If your business does not currently employ firewalls on its network, doing so is a must and should be looked into immediately.
SOC 2 Report – Trust Services Criteria and Categories
The System and Organization Controls (SOC) 2 Report will be performed in accordance with AT-C 205 (formerly under AT-101) and based upon the Trust Services Principles, with the ability to