CONTROLS

A1.1

Capacity Management A1 — Availability

SOC2 HIGH Z

→ A1.2

Environmental Threats A1 — Availability

SOC2 HIGH Z

→ A1.3

Recovery Plan Testing A1 — Availability

SOC2 HIGH Z

→ C1.1

Identifies and Maintains Confidential Information C1 — Confidentiality

SOC2 HIGH Z

→ C1.2

Disposes of Confidential Information C1 — Confidentiality

SOC2 MEDIUM Z

→ CC1.1

Demonstrates Commitment to Integrity and Ethical Values CC1 — Control Environment

SOC2 MEDIUM Z

→ CC1.2

Exercises Oversight Responsibility CC1 — Control Environment

SOC2 HIGH Z

→ CC1.3

Establishes Structure, Authority, and Responsibility CC1 — Control Environment

SOC2 HIGH Z

→ CC1.4

Demonstrates Commitment to Competence CC1 — Control Environment

SOC2 MEDIUM Z

→ CC1.5

Enforces Accountability CC1 — Control Environment

SOC2 HIGH Z

→ CC2.1

Uses Relevant Information CC2 — Communication and Information

SOC2 Z

→ CC2.2

Communicates Internally CC2 — Communication and Information

SOC2 Z

→ CC2.3

Communicates Externally CC2 — Communication and Information

SOC2 Z

→ CC3.1

Specifies Suitable Objectives CC3 — Risk Assessment

SOC2

→ CC3.2

Identifies and Analyzes Risk CC3 — Risk Assessment

SOC2

→ CC3.3

Assesses Fraud Risk CC3 — Risk Assessment

SOC2

→ CC3.4

Identifies and Analyzes Significant Change CC3 — Risk Assessment

SOC2

→ CC4.1

Conducts Ongoing and/or Separate Evaluations CC4 — Monitoring Activities

SOC2

→ CC4.2

Evaluates and Communicates Deficiencies CC4 — Monitoring Activities

SOC2

→ CC5.1

Selects and Develops Control Activities CC5 — Control Activities

SOC2

→ CC5.2

Selects and Develops General Controls Over Technology CC5 — Control Activities

SOC2

→ CC5.3

Deploys Through Policies and Procedures CC5 — Control Activities

SOC2

→ CC6.1

Logical Access Security Software, Infrastructure, and Architectures CC6 — Logical and Physical Access Controls

SOC2

→ CC6.2

New Internal and External Users Provisioning CC6 — Logical and Physical Access Controls

SOC2

→ CC6.3

Role-Based Access Control CC6 — Logical and Physical Access Controls

SOC2

→ CC6.4

Physical Access Restrictions CC6 — Logical and Physical Access Controls

SOC2

→ CC6.5

Cessation of Access CC6 — Logical and Physical Access Controls

SOC2

→ CC6.6

Security Measures Against External Threats CC6 — Logical and Physical Access Controls

SOC2

→ CC6.7

Transmission and Movement of Information CC6 — Logical and Physical Access Controls

SOC2

→ CC6.8

Prevention or Detection of Unauthorized Software CC6 — Logical and Physical Access Controls

SOC2

→ CC7.1

Detection and Monitoring Procedures CC7 — System Operations

SOC2

→ CC7.2

Monitors System Components for Anomalous Behavior CC7 — System Operations

SOC2

→ CC7.3

Evaluates Security Events CC7 — System Operations

SOC2

→ CC7.4

Responds to Security Incidents CC7 — System Operations

SOC2

→ CC7.5

Identifies, Develops, and Implements Activities to Recover CC7 — System Operations

SOC2

→ CC8.1

Authorizes, Designs, Develops or Acquires, Configures, Documents, Tests, Approves, and Implements Changes CC8 — Change Management

SOC2

→ CC9.1

Identifies, Selects, and Develops Risk Mitigation Activities CC9 — Risk Mitigation

SOC2

→ CC9.2

Assesses and Manages Risks from Vendors and Business Partners CC9 — Risk Mitigation

SOC2

→