1
0
mirror of https://github.com/strongdm/comply synced 2024-11-22 07:34:54 +00:00

Merge pull request #80 from adamdecaf/2019-12-24-typos

soc2: fixup minor typos
This commit is contained in:
Rodolfo Campos 2021-09-21 12:02:48 +02:00 committed by GitHub
commit e3efe3d74f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 13 additions and 12 deletions

View File

@ -75,7 +75,7 @@ TODO: Finalize these lists
# Remediations # Remediations
{{.Name}} uses the outcomes of the aforementioned controls and procedures to identify shortcomings in the existing control environment. Once identified, these shortcomes are remediated by improving existing controls and procedures, and creating new controls and procedures as needed. {{.Name}} uses the outcomes of the aforementioned controls and procedures to identify shortcomings in the existing control environment. Once identified, these shortcomings are remediated by improving existing controls and procedures, and creating new controls and procedures as needed.
# Communications # Communications
@ -87,7 +87,7 @@ TODO: Finalize these lists
- Slack - Slack
- Email - Email
- Github ticketing - GitHub ticketing
## External ## External

View File

@ -66,7 +66,7 @@ a. When classifying information, the level of confidentiality is determined by:
+-------------------+------------------+---------------------------+---------------------------+ +-------------------+------------------+---------------------------+---------------------------+
| Restricted | Restricted | Unauthorized access to | Information is available | | Restricted | Restricted | Unauthorized access to | Information is available |
| | | information may cause | to a specific group of | | | | information may cause | to a specific group of |
| | | considerable damage to | employees and authhorized | | | | considerable damage to | employees and authorized |
| | | the business and/or | third parties. | | | | the business and/or | third parties. |
| | | the organization's | | | | | the organization's | |
| | | reputation. | | | | | reputation. | |

View File

@ -22,7 +22,7 @@ a. This policy defines the policies and rules governing data centers and secure
# Policy # Policy
a. The following locations are classified by the organization as secure areas and are goverened by this policy: a. The following locations are classified by the organization as secure areas and are governed by this policy:
i. [list all data center locations and secure areas under the organizations control] i. [list all data center locations and secure areas under the organizations control]

View File

@ -8,6 +8,7 @@ majorRevisions:
- date: Jun 1 2018 - date: Jun 1 2018
comment: Initial document comment: Initial document
--- ---
# Purpose and Scope # Purpose and Scope
a. The purpose of this policy is to define the organizations procedures to recover Information Technology (IT) infrastructure and IT services within set deadlines in the case of a disaster or other disruptive incident. The objective of this plan is to complete the recovery of IT infrastructure and IT services within a set Recovery Time Objective (RTO). a. The purpose of this policy is to define the organizations procedures to recover Information Technology (IT) infrastructure and IT services within set deadlines in the case of a disaster or other disruptive incident. The objective of this plan is to complete the recovery of IT infrastructure and IT services within a set Recovery Time Objective (RTO).

View File

@ -17,7 +17,7 @@ Appendix A: Retention Periods
a. This data retention policy defines the objectives and requirements for data retention within the organization. a. This data retention policy defines the objectives and requirements for data retention within the organization.
a. This policy covers all data within the organizations custody or control, irregardless of the medium the data is stored in (electronic form, paper form, etc.) Within this policy, the medium which holds data is referred to as information, no matter what form it is in. a. This policy covers all data within the organizations custody or control, regardless of the medium the data is stored in (electronic form, paper form, etc.) Within this policy, the medium which holds data is referred to as information, no matter what form it is in.
a. This policy applies to all users of information systems within the organization. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information the organization owns or controls (hereinafter referred to as “users”). This policy must be made readily available to all users. a. This policy applies to all users of information systems within the organization. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information the organization owns or controls (hereinafter referred to as “users”). This policy must be made readily available to all users.

View File

@ -87,13 +87,13 @@ Table 3: Description of Consequence Levels and Criteria
| Moderate | 1 | Either existing security controls have most provided an | | Moderate | 1 | Either existing security controls have most provided an |
| | | adequate level of protection or the probability of the risk | | | | adequate level of protection or the probability of the risk |
| | | being realized is moderate. Some minor incidents may have | | | | being realized is moderate. Some minor incidents may have |
| | | occured. New incidents are possible, but not highly likely. | | | | occurred. New incidents are possible, but not highly likely. |
+-----------------+-----------------+--------------------------------------------------------------+ +-----------------+-----------------+--------------------------------------------------------------+
| | | | | | | |
+-----------------+-----------------+--------------------------------------------------------------+ +-----------------+-----------------+--------------------------------------------------------------+
| High | 2 | Either existing security controls are not in place or | | High | 2 | Either existing security controls are not in place or |
| | | ineffective; there is a high probability of the risk being | | | | ineffective; there is a high probability of the risk being |
| | | realized. Incidents have a high likelihood of occuring in the| | | | realized. Incidents have a high likelihood of occurring in the|
| | | future. | | | | future. |
+-----------------+-----------------+--------------------------------------------------------------+ +-----------------+-----------------+--------------------------------------------------------------+
| | | | | | | |

View File

@ -154,7 +154,7 @@ C1.2:
PI1.1: PI1.1:
family: PI1 family: PI1
name: Processing Integrity Monitoring name: Processing Integrity Monitoring
description: The entity obtains or generates, uses, and communicates relevant, quality information regarding the objectives related to processing, including de nitions of data processed and product and service speci cations, to support the use of products and services description: The entity obtains or generates, uses, and communicates relevant, quality information regarding the objectives related to processing, including definitions of data processed and product and service speci cations, to support the use of products and services
PI1.2: PI1.2:
family: PI1 family: PI1
name: Processing Integrity Accuracy name: Processing Integrity Accuracy
@ -166,11 +166,11 @@ PI1.3:
PI1.4: PI1.4:
family: PI1 family: PI1
name: Processing Integrity Outputs name: Processing Integrity Outputs
description: The entity implements policies and procedures to make available or deliver output completely, accurately, and timely in accordance with speci cations to meet the entitys objectives description: The entity implements policies and procedures to make available or deliver output completely, accurately, and timely in accordance with specifications to meet the entitys objectives
PI1.5: PI1.5:
family: PI1 family: PI1
name: Processing Integrity Backups name: Processing Integrity Backups
description: The entity implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and timely in accordance with system speci cations to meet the entitys objectives description: The entity implements policies and procedures to store inputs, items in processing, and outputs completely, accurately, and timely in accordance with system specifications to meet the entitys objectives
P1.1: P1.1:
family: P1 family: P1
name: Privacy Notification name: Privacy Notification