Vulnerabilities scanned and remediated
Vendor management program established
Service description communicated
Third-party agreements established
Risk management program established
Company commitments externally communicated
Physical access processes established
Incident response policies established
System changes communicated
Support system available
Board meetings conducted
Organization structure documented
System changes externally communicated
Board expertise developed
SOC 2 - System Description
Whistleblower policy established
Production deployment access restricted
Cybersecurity insurance maintained
Continuity and disaster recovery plans tested
Vendor management program established
Third-party agreements established
Risks assessments performed
External support resources available
Data center access reviewed
Incident management procedures followed
Access requests required
Incident response plan tested
Security policies established and reviewed
Roles and responsibilities specified
Management roles and responsibilities defined
Backup processes established
Board charter documented
Board oversight briefings conducted
Development lifecycle established
Change management procedures enforced
Configuration management system established
Continuity and Disaster Recovery plans established