mirror of https://github.com/strongdm/comply synced 2025-12-06 14:24:12 +00:00

soc2: fixup minor typos

Adam Shannon
2019-12-24 11:04:25 -06:00
parent c5a1bd804b
commit 22f1657411
7 changed files with 13 additions and 12 deletions


@@ -66,7 +66,7 @@ a. When classifying information, the level of confidentiality is determined by:
+-------------------+------------------+---------------------------+---------------------------+
| Restricted | Restricted | Unauthorized access to | Information is available |
| | | information may cause | to a specific group of |
| | | considerable damage to | employees and authhorized |
| | | considerable damage to | employees and authorized |
| | | the business and/or | third parties. |
| | | the organization's | |
| | | reputation. | |
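
Review bot: Dropping the extra "h" in the "employees and authorized" row shortens that cell by one character, so confirm the replacement line gained a padding space and its closing `|` still sits in the same column as the rows above and below. A grid table whose right border drifts by a column can render incorrectly.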


@@ -22,7 +22,7 @@ a. This policy defines the policies and rules governing data centers and secure
# Policy
a. The following locations are classified by the organization as secure areas and are goverened by this policy:
a. The following locations are classified by the organization as secure areas and are governed by this policy:
i. [list all data center locations and secure areas under the organizations control]
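
Review bot: The context line right after the fix still has a typo: "under the organizations control" is missing the possessive apostrophe and should read "organization's". Since this commit is a typo pass over this paragraph, it is worth fixing in the same change.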


@@ -8,7 +8,8 @@ majorRevisions:
- date: Jun 1 2018
comment: Initial document
---
#Purpose and Scope
# Purpose and Scope
a. The purpose of this policy is to define the organizations procedures to recover Information Technology (IT) infrastructure and IT services within set deadlines in the case of a disaster or other disruptive incident. The objective of this plan is to complete the recovery of IT infrastructure and IT services within a set Recovery Time Objective (RTO).
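
Review bot: The first sentence under the repaired heading still reads "the organizations procedures", which needs a possessive apostrophe ("organization's"). Also, the hunk header (-8,7 +8,8) shows a net added line beyond the heading fix; if that is a blank line after the front matter, say so in the commit message so it does not read as an accidental change.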


@@ -10,14 +10,14 @@ majorRevisions:
comment: Initial document
---
#Appendices
# Appendices
Appendix A: Retention Periods
# Purpose and Scope
a. This data retention policy defines the objectives and requirements for data retention within the organization.
a. This policy covers all data within the organizations custody or control, irregardless of the medium the data is stored in (electronic form, paper form, etc.) Within this policy, the medium which holds data is referred to as information, no matter what form it is in.
a. This policy covers all data within the organizations custody or control, regardless of the medium the data is stored in (electronic form, paper form, etc.) Within this policy, the medium which holds data is referred to as information, no matter what form it is in.
a. This policy applies to all users of information systems within the organization. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information the organization owns or controls (hereinafter referred to as “users”). This policy must be made readily available to all users.
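
Review bot: The line that replaces "irregardless" keeps two other problems: "the organizations custody or control" is missing the possessive apostrophe, and the sentence ends at "etc.)" with no period after the closing parenthesis before "Within this policy". Both sit on the line already being edited, so they can be fixed in this hunk.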


@@ -87,13 +87,13 @@ Table 3: Description of Consequence Levels and Criteria
| Moderate | 1 | Either existing security controls have most provided an |
| | | adequate level of protection or the probability of the risk |
| | | being realized is moderate. Some minor incidents may have |
| | | occured. New incidents are possible, but not highly likely. |
| | | occurred. New incidents are possible, but not highly likely. |
+-----------------+-----------------+--------------------------------------------------------------+
| | | |
+-----------------+-----------------+--------------------------------------------------------------+
| High | 2 | Either existing security controls are not in place or |
| | | ineffective; there is a high probability of the risk being |
| | | realized. Incidents have a high likelihood of occuring in the|
| | | realized. Incidents have a high likelihood of occurring in the|
| | | future. |
+-----------------+-----------------+--------------------------------------------------------------+
| | | |
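
Review bot: In the High row, the line ending "occuring in the|" had no padding before the closing `|`, so adding the second "r" pushes that border one column past the rows around it; move "the" down to the "future." line to keep the grid table aligned. Separately, the unchanged Moderate row still reads "have most provided", which looks like it should be "mostly provided".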