Compliance
Framework coverage, control status, evidence collection.
Total controls
64
Passing
51
Partial
9
Failing
4
SOC 2 Type II — controls
Next audit: Nov 2024| Control | Title | Family | Status | Owner | Evidence | Last review |
|---|---|---|---|---|---|---|
| CC6.1 | Logical access controls restrict unauthorized access | Access Control | passing | Sara Okafor | 12 | 12 Aug 2024 |
| CC6.2 | User registration and de-registration | Access Control | passing | Sara Okafor | 8 | 10 Aug 2024 |
| CC6.3 | Privileged access management | Access Control | partial | Priya Shah | 5 | 01 Aug 2024 |
| CC7.1 | Vulnerabilities are identified and remediated | System Operations | partial | Marcus Lin | 22 | 20 Aug 2024 |
| CC7.2 | Security incidents are detected, reported, resolved | System Operations | passing | Priya Shah | 14 | 18 Aug 2024 |
| CC8.1 | Change management process | Change Management | passing | Jordan Vega | 9 | 15 Aug 2024 |
| A.5.1 | Information security policies | Governance | passing | Priya Shah | 4 | 01 Jul 2024 |
| A.8.7 | Protection against malware | Asset Management | passing | Sara Okafor | 6 | 05 Aug 2024 |
| A.12.4 | Logging and monitoring | Operations | partial | Sara Okafor | 11 | 22 Aug 2024 |
| A.14.2 | Secure development lifecycle | Development | failing | Marcus Lin | 3 | 01 Aug 2024 |
| Req 3 | Protect stored cardholder data | Data Protection | passing | Mei Wong | 18 | 10 Aug 2024 |
| Req 6 | Develop and maintain secure systems | Development | partial | Marcus Lin | 7 | 12 Aug 2024 |
| PR.AC-1 | Identities and credentials are managed | Protect | passing | Sara Okafor | 10 | 15 Aug 2024 |
| DE.CM-1 | Network monitoring | Detect | partial | Sara Okafor | 8 | 20 Aug 2024 |
| RS.RP-1 | Response plan is executed | Respond | passing | Priya Shah | 5 | 18 Aug 2024 |