• Cloud Edge Secure Access
• Welcome to SonicWall Cloud Edge!
• Prerequisites
• Installation
  • Accessing the Client Management Console
  • Installation Methods
• Networks
  • Understanding Networks
  • SDP Networks
  • Regions and Gateways
    • Adding a region
    • Adding a gateway
  • Connecting Infrastructure
    • Prerequisites
    • Site-to-Site Connections
    • IPsec Tunnel
    • WireGuard Connector
    • Connect On-Prem Resources
      • Firewalls
        • SonicWall
    • Connect Cloud Resources
      • Amazon AWS
        • AWS Virtual Gateway
        • AWS Transit Gateway
      • Alibaba Cloud
      • Microsoft Azure
      • Google Cloud Platform
      • Heroku Enterprise
      • IBM Cloud
      • Docker
• Groups and Members
  • Members
    • Inviting Members
    • Password Requirements
    • Managing Roles
  • Groups
    • Managing Groups
    • Identity Provider Groups
  • Identity Providers (IdP)
    • Integrate Identity Providers
    • Azure AD
      • Azure Active Directory (SAML 2.0)
      • Azure Active Directory
    • Google Suite
      • Google Services
      • Google Apps (SAML 2.0)
    • On-Premises Active Directory
    • SAML 2.0
      • Generic SAML
      • Active Directory Federation Services (ADFS)
      • Auth0
      • Okta
      • OneLogin
      • PingIdentity
      • JumpCloud
• Securing the Platform
  • Securing Networks
    • Segmenting Networks
    • Device Posture Check
    • Network Traffic Control
    • Firewall-as-a-Service
  • Securing User Access
    • Multi-Factor Authentication
      • MFA Authentication
      • DUO Security
    • Agent-less Access
      • Zero Trust Application
        • HTTP/HTTPS
        • RDP (Remote Desktop Protocol)
        • SSH (Secure Shell)
        • VNC (Virtual Network Computing)
      • Zero Trust Policies and Rules
    • Agent-based Access
      • SonicWall Agents
        • Downloading and Installation
      • Agents Configuration
        • User-Groups Policies
        • Managing Configurations
        • General Configurations
        • Network Configuration
        • OS-Specific Configurations
• Monitoring
  • Activity Tracking
    • Activities and Logs
    • Member Devices
  • Monitoring Dashboard
  • Integrations
    • Amazon S3
    • Azure Sentinel
    • Splunk Cloud
• Compliance
  • HIPAA
  • GDPR
  • SOC 2 Type 2
• SonicWall Support
  • About This Document

SOC 2 Type 2

Auditing

This article describes what SOC 2 is and how it relates to your organization. SOC 2 is a technical audit that requires companies to establish and follow strict information security policies and procedures. A SOC 2 compliant service must follow these five “trust service principles” when managing customer data.

Security

System resources must be protected from unauthorized access or improper disclosure of information. To secure access, organizations can implement security tools such as two-factor authentication, web application firewalls (WAFs), Cloud VPNs, and Software-Defined Perimeters (SDPs).

Availability

Accessibility of the system is determined by a contract or service level agreement (SLA). While this doesn’t apply to system functionality, it does require network performance to be monitored, including security incidents, site failover, and other security-related issues that may affect availability.

Processing Integrity

To achieve processing integrity, the system must provide efficient data processing by delivering complete and valid information to the right place at the right time. By monitoring data and implementing quality assurance, organizations can begin to ensure processing integrity.

Confidentiality

Confidential data must be hidden from unauthorized persons or organizations. Network and application firewalls along with access controls are essential for safeguarding sensitive data. Additionally, encryption can be used to protect confidentiality during transmission.

Privacy

Organizations must meet privacy standards that address the collection, use, retention, disclosure, and disposal of personal information by the AICPA’s Generally Accepted Privacy Principles (GAPP).