SOC 2 Compliance Checklist
The SOC 2 audit is based on a set of criteria that are used in evaluating controls relevant to the security,
availability, processing integrity, confidentiality, or privacy of a system.
• Data (transmission streams, files, databases, tables, and output used or processed by a system)
• Design and operating effectiveness of a service organization’s controls over a system relevant to
one or more of the Trust Services Criteria
People and organization
• What are your background screening procedures?
• Do you have established workforce conduct standards?
• Do your clients and employees understand their role in using your system or service?
• Are system changes effectively communicated to the appropriate personnel in a timely manner?

Perform a risk assessment
• Have you identified potential threats to the system?
• Have you analyzed the significance of the risks associated with each threat?
• What are your mitigation strategies for those risks?

Security and operations
• Have you implemented an access control system, and implemented monitoring to identify intrusions?
• Develop and test incident response procedures.
• Is software, hardware, and infrastructure updated regularly as necessary?
• Do you have a change management process to address deficiencies in controls?

Availability and processing integrity
• What are your backup and recovery policies?
• How are you addressing environmental risks?
• Has your disaster recovery plan been tested and documented?
• How are you ensuring that data is processed, stored, and maintained accurately and in a timely manner?