What Is The SOC 2 Security Principle?
Description: Learn more about the SOC 2 Security Principle at https://kirkpatrickprice.com/video/so...
The SOC 2 Security Principle is a must and should be included in any non-privacy SOC 2 engagement. The Security Principle's Common Criteria eliminate the overlap between the Trust Services Principles and must be reviewed by every organization before it is audited against the SOC 2 Security Principle. Read more to find out how your organization should be applying the SOC 2 security Common Criteria.
The History of the SOC 2 Trust Services Principles:
The Service Organization Control 2 (SOC 2) Report focuses on an organization's non-financial controls as they relate to security, availability, processing integrity, confidentiality, and privacy. These are also known as the Trust Services Principles (TSPs). In 2014, the SOC 2 Trust Services Principles were updated, and one of the major changes was to the SOC 2 Security Principle. This change to the Common Criteria helped to eliminate the overlap between the Trust Services Principles. Before this update, many SOC 2 reports had the same controls repeated over and over in order to address the overlapping requirements between the Trust Services Principles. Since the update in 2014, what are known as the Common Criteria have been developed, and they apply to all SOC 2 audit reports.