Download The “SOC 2 Controls List” XLS

Download the full list of SOC 2 internal control requirements. Controls list includes the latest AICPA 2017 Trust Services Criteria (TSC) and connected COSO standards.

View the list of control requirements when preparing for SOC 2 Type I and SOC 2 Type II audits.

Download The “SOC 2 Controls List” XLS

SOC 2 Controls List

Organizations working to obtain a SOC 2 Type I or SOC 2 Type II report must implement all necessary internal controls and go through an independent SOC 2 audit with an AICPA approved audit firm to receive a report.

To prepare for a SOC 2 audit, teams can download our latest SOC 2 controls list. Dash has created an Excel document listing all SOC 2 controls, including all necessary trust services criteria and integrated COSO framework controls. Teams may consider using this document as a starting point for determining security program gaps and working towards SOC 2 readiness.

Learn About SOC 2 Internal Control Requirements

Download The Control List!

TSC are comprised of nine sub-categories of controls:

Control environment (CC1)

Communication and information (CC2)

Risk assessment (CC3)

Monitoring of controls (CC4)

Control activities related to the design and implementation of controls (CC5)

Logical and physical access controls (CC6)

System operations (CC7)

Change management (CC8)

Risk mitigation (CC9)

Trust Service Criteria (TSC) Requirements

For SOC 2 audits, service organizations are evaluated against one or more trust services criteria (TSC) previously known as trust services principles (TSP). The five criteria are Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Teams must show evidence and control effectiveness for all internal controls for all evaluated criteria. Included in this controls list is TSC related control requirements for all nine categories. Teams can use this SOC 2 control list to plan, implement, and maintain SOC 2 service criteria and better prepare for a SOC 2 audit.