Compliance Glossary

SOC 2 Access Control focuses on how you, as a company, manage and restrict access to your systems and data. The main goal is not to give unauthorized people access to sensitive data.

To know more about implementing the SOC 2 access controls, read SOC 2 Controls: All You Need to Know

Here are the categories that help with managing access control:

Security Controls

Security control mitigates cyber attacks and unauthorized access. This usually requires your systems to have two-factor authentication systems and web firewalls. The main focus is to only let the right folks have access. 

Privacy Controls

Privacy Control is where sensitivity is key. As a cloud company, you must communicate the privacy policies to the customer as you are storing their data. Consent is king here – collecting sensitive information requires permission from the customers. And remember lawful means; the book must gather everything. Once the data has served its purpose, it’s time to bid it farewell and dispose of it properly.

Confidentiality Controls

Confidentiality Controls imply that you must share the information securely, but only with the right parties. For example, a confidential file must only be shared among hospitals, pharmacies, and specialists. 

The goal is to ensure it falls into the right hands. So, identifying what’s confidential and protecting it until its retention period ends is the name of the game.

Processing Integrity Controls

This control’s main goal is to ensure everything runs like clockwork in the system. It’s all about achieving the organization’s goals through data, focusing on inputs and outputs. Imagine a smooth e-commerce experience – a customer places an order, and voila, prompt delivery. 

But beware, outputs should be delivered only to their intended recipients, and any hiccups must be detected and corrected.