401 Reading 1 - marsecguy/reading-notes-cyberops GitHub Wiki
Strategic Policy Development (SOC2)
How would you convince your future company to pursue SOC2 compliance?
- I would make the business argument that proof of compliance is important to many potential customers and that not having the certification can reduce future opportunities for business growth.

What are the five SOC2 Trust Principles?
- Security
- Privacy
- Availability
- Confidentiality
- Processing Integrity
How would you explain the three levels of the SOC2 pyramid in an analogy your friends or former colleagues would understand?
- The foundation is security policies. These are organizational policies that explain what we will do, as an organization, to support the five trust principles.
- The middle layer is execution. These are operating procedures (SOPs) and "how-to" documents that detail how the organization will go about implementing and enforcing the policies.
- The top layer is the proof. It is the documentation that shows the organization is doing what it says it will do. This can be through logs, management of change records, process and work notes and other records.
Source: Vendr.com