SOC 2 Assessment
SOC 2 Type 1 and Type 2 Self Assessment Questionnaire
Do you have an employee handbook that describes the responsibilities and expected behavior with regard to data and information system usage? (Yes / No)
Are employees required to acknowledge the employee handbook as a part of onboarding? (Yes / No)
Do you have a confidentiality agreement that prohibits any disclosure of information and other data to which the employee has been granted access? (Yes / No)
Are employees required to acknowledge the confidentiality agreement as a part of onboarding? (Yes / No)
Are managers required to complete performance reviews for direct reports at least annually? (Yes / No)
Does your company perform background checks on all prospective employees who will potentially interact with sensitive data? (Yes / No)
Does your company have a Board of Directors (or even an informal committee) that oversees your organizational security and/or compliance? (Yes / No)
Does this group have any members who are independent from your company's management team? (Yes / No)
Does this group meet at least annually and maintain formal meeting minutes? (Yes / No)
Does this group have a documented charter of its roles and responsibilities as related to security and compliance oversight? (Yes / No)
Does your company maintain an organizational chart? (Note: this might be automatically captured within your HR integration.) (Yes / No)
Has management established defined roles and responsibilities to oversee implementation of the information security policy (such as a formal security team or manager)? (Yes / No)
Are job descriptions documented for open positions as a part of the hiring process? (Yes / No)
Are job descriptions maintained for existing positions which are critical to the function of your system/business? (Yes / No)
Do employees complete security awareness training as a part of onboarding? (Yes / No)
Do employees complete security awareness training at least annually? (Yes / No)
Are employees and contractors who violate the code of conduct subject to disciplinary actions documented in a formalized policy? (Yes / No)