SOC 2
Definition
SOC 2 (System and Organization Controls 2) is a framework for managing and protecting customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy. It is primarily applicable to technology and cloud computing organizations, ensuring they have controls in place to safeguard data. SOC 2 compliance is verified through an audit process conducted by an independent third party, resulting in a report that details the effectiveness of the organization’s controls.
Secure Settings Example
# Example of a secure configuration for a cloud service provider
access_control:
  enforce_mfa: true
  password_policy:
    min_length: 12
    complexity_requirements: true
  session_timeout: 15m
encryption:
  data_at_rest: AES-256
  data_in_transit: TLS 1.2 or higher
logging:
  access_logs: enabled
  retention_period: 90d
  audit_trail: true
Insecure Settings Example
# Example of an insecure configuration for a cloud service provider
access_control:
  enforce_mfa: false
  password_policy:
    min_length: 6
    complexity_requirements: false
  session_timeout: 60m
encryption:
  data_at_rest: none
  data_in_transit: none
logging:
  access_logs: disabled
  retention_period: 0d
  audit_trail: false
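An SOC 2 audit asks for evidence that controls like the ones above are actually enforced, and a common way to produce that evidence is a policy-as-code check that runs over configuration files and flags drift. The following is an added example (not code from the original page) that embeds the two configurations above as constructed strings, parses them with a small parser for the indented key: value subset they use (so it needs no PyYAML), and reports every setting that falls short of a baseline. The baseline values (12-character minimum, 15-minute session timeout, AES-256, TLS 1.2, 90-day retention) are an assumption chosen to mirror the secure example; SOC 2 does not prescribe specific numbers. The tagging of each finding with one of the page's trust service principles (security, confidentiality) is likewise this example's own convention.

```python
import re
# Constructed copies of the page's two configurations, indentation restored.
SECURE_CONFIG = """\
access_control:
  enforce_mfa: true
  password_policy:
    min_length: 12
    complexity_requirements: true
  session_timeout: 15m
encryption:
  data_at_rest: AES-256
  data_in_transit: TLS 1.2 or higher
logging:
  access_logs: enabled
  retention_period: 90d
  audit_trail: true
"""
INSECURE_CONFIG = """\
access_control:
  enforce_mfa: false
  password_policy:
    min_length: 6
    complexity_requirements: false
  session_timeout: 60m
encryption:
  data_at_rest: none
  data_in_transit: none
logging:
  access_logs: disabled
  retention_period: 0d
  audit_trail: false
"""

# Assumed baseline, chosen to match the secure example; SOC 2 itself prescribes no such numbers.
BASELINE = {"min_password_length": 12, "max_session_timeout": "15m", "approved_at_rest": {"AES-256"},
            "min_tls": (1, 2), "min_log_retention": "90d"}

def parse_simple_yaml(text):
    """Indentation-driven parser for the nested `key: value` subset above; leaves stay strings."""
    root = {}
    stack = [(-1, root)]                     # (indent, mapping) per open nesting level
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while indent <= stack[-1][0]:        # a dedent closes deeper or equal levels
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:                                # a bare key opens a nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def to_seconds(value):
    """'15m' / '90d' style durations to seconds; None when absent or unparsable."""
    m = re.fullmatch(r"(\d+)([smhd])", str(value).strip())
    return int(m.group(1)) * {"s": 1, "m": 60, "h": 3600, "d": 86400}[m.group(2)] if m else None

def tls_min_version(value):
    """Minimum version stated in e.g. 'TLS 1.2 or higher' as a tuple; None if none is stated."""
    m = re.search(r"TLS\s*(\d+)\.(\d+)", str(value))
    return (int(m.group(1)), int(m.group(2))) if m else None

def enabled(value):
    return str(value).strip().lower() in {"true", "enabled", "yes", "on"}

def evaluate(config, baseline=BASELINE):
    """Return (principle, message) findings; empty means the baseline is met. Missing or unparsable settings fail closed."""
    f = []
    ac = config.get("access_control", {})
    pw = ac.get("password_policy", {})
    enc = config.get("encryption", {})
    logs = config.get("logging", {})
    if not enabled(ac.get("enforce_mfa")):
        f.append(("security", "MFA is not enforced"))
    if int(pw.get("min_length", 0)) < baseline["min_password_length"]:
        f.append(("security", f"password min_length {pw.get('min_length')} below {baseline['min_password_length']}"))
    if not enabled(pw.get("complexity_requirements")):
        f.append(("security", "password complexity requirements disabled"))
    timeout = to_seconds(ac.get("session_timeout"))
    if timeout is None or timeout > to_seconds(baseline["max_session_timeout"]):
        f.append(("security", f"session_timeout {ac.get('session_timeout')} exceeds {baseline['max_session_timeout']}"))
    if enc.get("data_at_rest") not in baseline["approved_at_rest"]:
        f.append(("confidentiality", f"data_at_rest {enc.get('data_at_rest')!r} is not an approved cipher"))
    tls = tls_min_version(enc.get("data_in_transit"))
    if tls is None or tls < baseline["min_tls"]:
        f.append(("confidentiality", f"data_in_transit {enc.get('data_in_transit')!r} does not require TLS {baseline['min_tls'][0]}.{baseline['min_tls'][1]}+"))
    if not enabled(logs.get("access_logs")):
        f.append(("security", "access logging disabled"))
    retention = to_seconds(logs.get("retention_period"))
    if retention is None or retention < to_seconds(baseline["min_log_retention"]):
        f.append(("security", f"log retention {logs.get('retention_period')} shorter than {baseline['min_log_retention']}"))
    if not enabled(logs.get("audit_trail")):
        f.append(("security", "audit trail disabled"))
    return f
```

Running `evaluate(parse_simple_yaml(SECURE_CONFIG))` returns an empty list, while the insecure configuration yields nine findings, one per setting that differs. Two design choices matter for audit evidence: the checker fails closed (a missing or unparsable `session_timeout` or `retention_period` is a finding, not a silent pass), and the version and duration strings are parsed rather than string-compared, so `TLS 1.3` satisfies a `TLS 1.2` floor and `3h` is correctly judged against `15m`.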