Work.software's GRC and SOC 2
22 Manual SOC 2 Criteria covered with Work.software
Tools:
- Compliance Dashboard
- Create Custom Meetings and Link Them to SOC 2 Criteria and Controls
- Auditor Access and Exports
- Employee Evaluations and Performance Plans (CC1.4/CC1.5/CC2.2)
Meetings:
- Change Advisory Board (CC8.1)
- Executive Review (CC1.2, Repeats frequently throughout SOC)
- Board Meetings (CC1.2, Repeats frequently throughout SOC)
- Security Steering Committee (CC1.2, Repeats frequently throughout SOC)
- Business Continuity Plan Review (CC5.3/CC7.4/CC7.5)
- Disaster Recovery Plan Review (CC5.3/CC7.4/CC7.5)
- Business Continuity Test Retrospective (CC5.3/CC7.4/CC7.5)
- Disaster Recovery Test Retrospective (CC5.3/CC7.4/CC7.5)
- Sprint Retrospective (CC8.1)
- Job Description Review (CC1.4)
- Company Organizational Chart Review (CC1.3/CC3.4)
- New Hire Review (CC1.4/CC6.2)
- Department Meetings (CC1.2, Repeats frequently throughout SOC)
- Team Meeting, e.g. server team (CC1.2, Repeats frequently throughout SOC)
- Risk Assessment Retrospective (CC3.2)
- Review Authorized Personnel Roles for Access to Data, Software, Functions, and Other IT Resources (CC4.1, CC6.2, CC6.3)
- Review Personnel with Physical Access to Sensitive Locations (CC4.1, CC6.5)
- Review Incident Response Procedures (CC7.3, CC7.4)
- Incident Response Retrospective (CC7.4, CC7.5)
Checklists:
- Employee Exit (CC6.2/CC6.3/CC6.5)
- Employee New Hire (CC6.2/CC6.3)
- Employee Onboarding (CC1.1/CC1.4/CC6.2/CC6.3)
- Hardware Deployment (CC6.1/CC6.6/CC6.8)
- Security Policies (CC1.2/CC2.1)
- Security Awareness Training (CC1.4/CC1.5)
- Vendor Management Assessments (CC3.2, CC9.2)