Update nexus wiki content
This commit is contained in:
40
wiki/concepts/SOC2.md
Normal file
@@ -0,0 +1,40 @@
---
title: "SOC 2"
type: concept
tags: []
sources: [compliance-auditor]
last_updated: 2026-04-30
---
# SOC 2
## Aliases
- SOC2
- SOC 2 Type I
- SOC 2 Type II
- Service Organization Control 2
## Definition
SOC 2(Service Organization Control 2)是由美国注册会计师协会(AICPA)制定的信任服务标准认证框架,用于评估服务组织在安全性、可用性、处理完整性、保密性和隐私性五个信任服务标准方面的控制措施。
## Core Components
### 信任服务标准(Trust Service Criteria)
1. **安全性(Security)**:系统受到保护,防止未授权访问
2. **可用性(Availability)**:系统能够按照承诺运行
3. **处理完整性(Processing Integrity)**:系统处理完整、有效、准确、及时
4. **保密性(Confidentiality)**:指定为保密的信息得到保护
5. **隐私性(Privacy)**:个人信息的收集、使用、保留和披露符合组织的隐私声明
### SOC 2 类型
- **Type I**:评估控制措施在特定日期的设计适当性
- **Type II**:评估控制措施在指定期间(通常6-12个月)的设计和运行有效性
## Related Concepts
- [[Gap Assessment]]:SOC 2 审计前的必备步骤
- [[Evidence Collection]]:SOC 2 Type II 审计的核心要求——需证明控制在整个审计期间持续有效
- [[Continuous Compliance]]:SOC 2 年度审计间隔期间的持续合规实践
## Related Sources
- [[compliance-auditor]]
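Review bot: the Definition line describes SOC 2 as a 认证框架 (certification framework), but a SOC 2 engagement produces an attestation report issued by an independent CPA firm under AICPA attestation standards, not a certificate; suggest wording it as an attestation/鉴证报告 framework so readers of this wiki do not expect a certification to be issued. In the 信任服务标准 list it would also help to state that Security (the Common Criteria) is mandatory for every SOC 2 report while the other four criteria are selected into scope by the service organization, since that scoping decision determines which controls the auditor tests and which evidence the linked [[Evidence Collection]] page has to cover. Minor: `tags: []` is empty on a page that is clearly about compliance and audit; consider populating it so the concept is discoverable alongside [[Gap Assessment]] and [[Continuous Compliance]].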