Cyber Security: Policies and Procedures needed for SOC1 / SOC2

What is SOC?

Service Organization Controls (SOC)


What is the AICPA?

American Institute of Certified Public Accountants (AICPA)


Who can perform a SOC audit?

Audits must be completed by an external auditor from a licensed CPA firm.


What is WISP?




What are the top policies and procedures needed for a SOC audit? 


  1. Information Security Policy
  2. Access Control Policy
  3. Password Policy
  4. Change Management Policy
  5. Risk Assessment and Mitigation Policy
  6. Incident Response Policy
  7. Logging and Monitoring Policy
  8. Vendor Management Policy
  9. Data Classification Policy
  10. Acceptable Use Policy
  11. Information, Software and System Policy
  12. Business Continuity and Disaster Recovery





Kon Belieu


