SOC 2 Academy: How Contractual Obligations Impact Confidential Information

Author: kirkpatrickprice00

Description: Learn more at

Understanding how contractual obligations impact confidential information is especially important for complying with confidentiality criteria 1.2. In this new era of data privacy regulations, many organizations will be required to retain data for a certain period of time; however, knowing how long they have to retain that data can be tricky when clients start adding stipulations to confidentiality agreements. For example, let’s say that a business wants to partner with a service organization that is only required by law to retain their data for three years. Before partnering with the service organization, that business may stipulate that the service organization needs to retain the data for an additional two years. If this scenario happens with multiple clients, knowing which requirements apply to which sets of data is critical to avoid confusion and to ensure that the data remains confidential and is disposed of correctly.

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice:
Contact us today: 800-770-2701