SOC 2 (Service Organization Control 2)

What is the SOC 2 (Service Organization Control 2)?

SOC 2 is an auditing framework defined by the American Institute of Certified Public Accountants (AICPA) for service organizations that store or process customer data, typically SaaS and cloud providers. The name originally stood for Service Organization Control 2; the AICPA now expands it as System and Organization Controls 2. It is not a law and not a fixed checklist of settings: a SOC 2 report is an independent auditor’s attestation that the organization’s controls meet the AICPA Trust Services Criteria. Security (the common criteria, CC1 to CC9 below) is the only mandatory category; availability, processing integrity, confidentiality and privacy are added depending on the service the organization provides. A Type I report covers the design of the controls at a point in time; a Type II report also covers their operating effectiveness over a review period, commonly six to twelve months. Customers request the report, usually under NDA, as evidence of how a vendor protects their data, including data handled by mobile devices and applications.

SOC 2 trust services criteria

CC1: Control Environment

These criteria cover the organization’s commitment to integrity and ethical values, board oversight of internal control, defined structures and reporting lines, competent personnel, and accountability for control responsibilities.

CC2: Communication and Information

These criteria evaluate how well the organization collects, shares, and communicates information that is crucial for achieving its objectives.

CC3: Risk Assessment

These criteria assess the organization’s capability to recognize, evaluate, and handle the risks associated with meeting its objectives.

CC4: Monitoring Activities

These criteria cover how the organization performs ongoing and separate evaluations (for example internal audits, control testing and vulnerability scanning) to confirm that its controls are present and operating, and how it evaluates and communicates control deficiencies to the responsible parties in a timely manner.

CC5: Control Activities

These criteria focus on how the organization selects and develops control activities, including general controls over technology, that reduce risk to an acceptable level, and on how it deploys them through documented policies and procedures.

CC6: Logical and Physical Access Controls

These criteria examine the controls, in software and infrastructure, that safeguard the organization’s assets: registering, authorizing and deprovisioning users, authentication and authorization, encryption of data in transit and at rest, protection of system boundaries, detection of malicious software, secure disposal of media, and physical access to facilities.

CC7: System Operations

These criteria focus on the organization’s ability to monitor for and detect vulnerabilities, configuration changes and anomalous behavior, to evaluate security events, and to respond to and recover from security incidents.

CC8: Change Management

These criteria deal with the organization’s ability to authorize, design, develop, test, approve and implement changes to data, software, infrastructure and processes in a documented and controlled way.

CC9: Risk Mitigation

These criteria address how the organization identifies, selects and develops risk mitigation activities for potential business disruptions, and how it assesses and manages the risks arising from vendors and business partners.

Develop applications that comply with SOC 2

Companies that develop or bring their own applications to market need to keep security in mind to avoid intellectual property theft, fraud and data leaks. SOC 2’s criteria (in particular CC6, CC7 and CC8) ask companies to set up controls around their software in order to safeguard valuable assets and data, and to keep evidence that those controls operate. Pradeo’s SAST solution supports that requirement: the easy-to-use solution vets and secures all your apps in one place. Keep in mind that a SOC 2 report attests to the organization’s controls as a whole, so application scanning is one control an auditor will examine, not compliance on its own.