SOC 2 Academy: Data Backup Processes

Author: kirkpatrickprice00

Description: Learn more at

When an organization pursues SOC 2 compliance, an auditor will verify that it complies with the common criteria listed in the 2017 Trust Services Criteria. In addition to the common criteria, though, there are additional criteria for the availability, confidentiality, processing integrity, and privacy categories. For example, if an organization opts to include the availability category in its audit, it would need to comply with the additional criteria for availability. Availability criterion 1.2 says, “The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.” We’ve discussed how organizations can comply with this criterion, but we believe one key component requires further discussion: data backup processes. Let’s take a look at why organizations need proper data backup processes.

We know that disasters happen when we least expect them, so taking proactive measures to protect the data your organization holds is paramount to SOC 2 compliance. This includes ensuring that the data remains available, complete, and accessible at all times. For example, if your organization is impacted by a hurricane and is unable to physically access your office building, how will you access your data so that you can continue to provide the services you offer? If you’re forced to set up an off-site location until your office building has recovered from an environmental disaster, would you still have access to your data? These are the questions you need to consider for SOC 2 compliance.

About Us
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST CSF, GDPR, ISO 27001, FISMA, and CFPB frameworks.