SOC 2 | Service Organization Control
SOC 2 is one of the Service Organization Control (SOC) reports. Its purpose is to ensure the security and privacy of the information that an organization holds about its customers. A SOC 2 audit verifies that your service providers manage the organization's data securely, thereby protecting its business processes and the privacy of its customers.
It is regarded as a leading standard for the practice of information security and privacy.
In addition, SOC 2 sets in-depth requirements for the software development domain, and so contributes to improving the security of the product it covers and of its infrastructure.
The guiding principles for controls in SOC 2
Availability
Information availability - continuous access for authorized persons to all information assets at any given time.
Integrity
Information integrity - maintaining the completeness and accuracy of the information.
Information privacy
Information privacy - maintaining the privacy of the information held by the organization.
Information security
Information security - protecting the information by a combination of means.
Confidentiality
Confidentiality of information - granting access only to authorized persons, in accordance with the definitions of the information owner.
How does it work?
The steps of the process
1. Information gathering
Meetings with staff and familiarization with processes and technologies: the organizational structure, the company's business processes, work procedures and the information systems in use.
2. Information analysis
Analysis of the company's current state against the requirements of the standard, section by section. Gaps are presented in a summary report with recommendations and a prioritized treatment plan.
3. Correction and update
Treatment of the gaps by a professional team with the relevant specializations, for example content experts who write information security procedures and professional testers who perform penetration tests.
4. External audit
A certification audit on behalf of an American CPA firm, which reviews the information security system, the controls and the supporting documentation for each control, and at the end issues a signed certified report in English.