CybersecurityFrameworkControl set

SOC2

SOC2 Trusted Services Criteria

SOC 2 is a framework for managing and reporting on controls at service organizations relevant to security, availability, processing integrity, confidentiality, and privacy. It aims to provide detailed information and assurance to stakeholders about how these controls are implemented to protect user data.

Overview

SOC 2 is a widely adopted standard developed by the AICPA to provide organizations with a structured framework for managing controls related to security, availability, processing integrity, confidentiality, and privacy. This framework is particularly relevant for service organizations that require transparency about their systems and processes. It uses the 2017 Trust Services Criteria (updated with revised points of focus in 2022) as its foundation and includes guidance on effective implementation and reporting. SOC 2 reports are targeted at stakeholders who need assurance about a service provider's internal controls regarding handling sensitive data. The framework also serves as the basis for a consistent and standardized examination, including illustrative examples and criteria for system descriptions.

Related in Cybersecurity

CybersecurityStandardFramework

CAIQ v4.1.0 — Consensus Assessment Initiative Questionnaire v4.1.0

The Consensus Assessments Initiative Questionnaire (CAIQ) v4.1.0 is a comprehensive cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) and aligned with the Cloud Controls Matrix (CCM) v4.1 to help organizations evaluate the security, privacy, and compliance practices of cloud service providers. It includes 261 assessment questions mapped to 207 controls across 17 security domains, supporting detailed vendor due diligence, third-party risk management, and cloud security assessments using a standardized industry framework.

Cloud Security Alliance (CSA) • v4.1.0

View details
CybersecurityStandard

CAIQ Lite v4.1.0 — Consensus Assessments Initiative Questionnaire Lite v4.1.0

Consensus Assessments Initiative Questionnaire (CAIQ) Lite v4.1.0 is a streamlined cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) and aligned with the Cloud Controls Matrix (CCM) v4.1 to help organizations evaluate cloud service providers using a standardized approach. It includes 138 focused questions across 17 security domains, enabling efficient vendor due diligence, third-party risk management, and security posture assessments.

Cloud Security Alliance (CSA) • v4.1.0

View details
CybersecurityFrameworkStandard

CCM v4.1 — Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Cloud Security Alliance (CSA) • v4.1

View details
CybersecurityStandard

SOC-CMM — SOC-CMM Assessment Tool

The SOC-CMM model is a capability maturity model that can be used to perform a self-assessment of your Security Operations Center (SOC). The model is based on review conducted on literature regarding SOC setup and existing SOC models as well as literature on specific elements within a SOC. The literature analysis was then validated by questioning several Security Operations Centers in different sectors and on different maturity levels to determine which elements were actually in place. The output from the survey, combined with the initial analysis is the basis for this self-assessment. For more information regarding the scientific background and the literature used to create the SOC-CMM self-assessment tool, please refer to the thesis document as available through: https://www.soc-cmm.com/

SOC-CMM

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call