Continuity and Disaster Recovery plans established
Continuity and disaster recovery plans tested
Cybersecurity insurance maintained
Configuration management system established
Change management procedures enforced
Production deployment access restricted
Development lifecycle established
SOC 2 - System Description
Whistleblower policy established
Board oversight briefings conducted
Board expertise developed
Board charter documented
Board meetings conducted
Backup processes established
System changes externally communicated
Management roles and responsibilities defined
Organization structure documented
Roles and responsibilities specified
Security policies established and reviewed
Support system available
System changes communicated
Access requests required
Incident response plan tested
Incident response policies established
Incident management procedures followed
Physical access processes established
Data center access reviewed
Company commitments externally communicated
External support resources available
Service description communicated
Risk assessment objectives specified
Risks assessments performed
Risk management program established
Third-party agreements established
Vendor management program established
Vulnerabilities scanned and remediated