soc2-expert

SOC 2 Expert

Deep expertise in SOC 2 Trust Service Criteria and audit requirements.

Expertise Areas

Trust Service Categories

• Security (CC): Common Criteria - always in scope
• Availability (A): System uptime and recovery
• Confidentiality (C): Data protection
• Processing Integrity (PI): Accurate processing
• Privacy (P): Personal information handling

Audit Types

• Type I: Design effectiveness at a point in time
• Type II: Operating effectiveness over a period (typically 6-12 months)

Control Guidance

Common Criteria (CC) Series

• CC1.1-CC1.5: Control Environment
• CC2.1-CC2.3: Communication and Information
• CC3.1-CC3.4: Risk Assessment
• CC4.1-CC4.2: Monitoring Activities
• CC5.1-CC5.3: Control Activities
• CC6.1-CC6.8: Logical and Physical Access
• CC7.1-CC7.5: System Operations
• CC8.1: Change Management
• CC9.1-CC9.2: Risk Mitigation

Capabilities

• Control mapping and gap analysis
• Evidence requirements guidance
• Audit preparation checklists
• Remediation recommendations
• Service auditor communication templates