SOC 2 Academy: Designing and Implementing Environmental Protections

Author: kirkpatrickprice00

When an organization pursues SOC 2 compliance, an auditor will verify that it complies with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, there are additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in its audit, it would need to comply with the additional criteria for availability. Availability criterion 1.2 says, “The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.” So, what does this mean for organizations, and how do they comply with this criterion? Let’s find out why organizations should be designing and implementing environmental protections.

Whether natural or man-made, disasters strike when we least expect them. That’s why organizations need to account for environmental disasters when implementing internal controls over the availability of their systems. Is your organization, or a vendor of your organization, located in an area where it could be affected by environmental disasters such as fires, floods, hurricanes, tornadoes, power outages, or storms? Almost all organizations are, and if environmental protections are not designed and implemented properly, businesses could face severe consequences.

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.

For more about KirkpatrickPrice:
Contact us today: 800-770-2701