SOC 2 (Systems and Organization Controls)

Requirement

CC2.2: Internal communication of information

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.

Points of focus:

- Communicates Internal Control Information
- Communicates With the Board of Directors
- Provides Separate Communication Lines
- Selects Relevant Method of Communication
- Communicates Responsibilities
- Communicates Information on Reporting Failures, Incidents, Concerns, and Other Matters
- Communicates Objectives and Changes to Objectives
- Communicates Information to Improve Security Knowledge and Awareness
- Communicates Information About System Operation and Boundaries
- Communicates System Objectives
- Communicates System Changes

Fulfill this requirement by completing the tasks below ->

This requirement is part of the framework:

SOC 2 (Systems and Organization Controls)

Other requirements of the framework

CC2.2: Internal communication of information

Best practices

How to implement:

CC2.2: Internal communication of information

This policy on

CC2.2: Internal communication of information

provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.

COSO Principle 14: The entity internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.

Points of focus:

Read below what concrete actions you can take to improve this ->

Frameworks that include requirements for this topic:

No items found.

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to

CC2.2: Internal communication of information

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

No other tasks found.

Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement

CC2.2: Internal communication of information

of the framework

SOC 2 (Systems and Organization Controls)

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

Defining cyber security responsibilities and tasks in employment contracts

Critical

High

Normal

Low

Personnel security

Cyber security in contracts

Defining cyber security responsibilities and tasks in employment contracts

This task helps you comply with the following requirements

Članak 30.1.i (Ljudskih resursa): Sigurnost ljudskih resursa NIS2 Croatia

9.6 §: Henkilöstöturvallisuus ja tietoturvakoulutus Kyberturvallisuuslaki

2.1.2: Staff compliance with information security policies TISAX

9.7.1: Personnel commitment to Confidentiality TISAX

30 § 3.9° (ressources humaines): La sécurité des ressources humaines NIS2 Belgium

Reporting personal data breaches to authorities / data subjects

Critical

High

Normal

Low

Incident management

Data breach management

Reporting personal data breaches to authorities / data subjects

This task helps you comply with the following requirements

33. Notification of a personal data breach to the supervisory authority GDPR

34. Communication of a personal data breach to the data subject GDPR

16.1.5: Response to information security incidents ISO 27001

6.1.3: Contact with authorities ISO 27001

A.10.1: Notification of a data breach involving PII ISO 27018

General security guidelines for staff

Critical

High

Normal

Low

Personnel security

Security guidelines

General security guidelines for staff

This task helps you comply with the following requirements

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti NIS2 Croatia

2.6: Ohjeet ja koulutus TiHL tietoturvavaatimukset

9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu Kyberturvallisuuslaki

2.1.2: Staff compliance with information security policies TISAX

9.7.1: Personnel commitment to Confidentiality TISAX

Informing about cyber security responsibilities that continue after employment relationship has ended

Critical

High

Normal

Low

Personnel security

Changes in employment relationships

Informing about cyber security responsibilities that continue after employment relationship has ended

This task helps you comply with the following requirements

30 § 3.9° (ressources humaines): La sécurité des ressources humaines NIS2 Belgium

PR.DS-5: Protections against data leaks are implemented.CyberFundamentals

PR.IP-11: Cybersecurity is included in human resources practices (deprovisioning, personnel screening…).CyberFundamentals

14.5.10.a): Žmogiškųjų išteklių saugumas NIS2 Lithuania

PR.DS-5: Data leak protection NIST

Communication plan for information security management system

Critical

High

Normal

Low

Risk management and leadership

Cyber security management

Communication plan for information security management system

This task helps you comply with the following requirements

Članak 29.a: Upravljanje NIS2 Croatia

31 § 1°: Approbation des mesures de gestion des risques de cybersécurité NIS2 Belgium

2.10.1: Include security in the organisation’s change management process NSM ICT-SP

RC.CO-2: Reputation is repaired after an incident.CyberFundamentals

ID.GV-1: Organizational cybersecurity policy is established and communicated.CyberFundamentals

Regular unit-based cyber security communication

Critical

High

Normal

Low

Personnel security

Cyber security training

Regular unit-based cyber security communication

This task helps you comply with the following requirements

7.2.2: Information security awareness, education and training ISO 27001

CC2.2: Internal communication of information SOC 2

PR.AT-1: All users are informed and trained.CyberFundamentals

4.4.4: Communicate and share findings with relevant stakeholders NSM ICT-SP

PR.AT-02: Individuals in specialized roles NIST 2.0

Arranging training and guidance during orientation (or before granting access rights)

Critical

High

Normal

Low

Personnel security

Cyber security training

Arranging training and guidance during orientation (or before granting access rights)

This task helps you comply with the following requirements

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti NIS2 Croatia

2.6: Ohjeet ja koulutus TiHL tietoturvavaatimukset

9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu Kyberturvallisuuslaki

2.1.3: Staff training TISAX

4 §: Tiedonhallinnan järjestäminen tiedonhallintayksikössä TiHL

Communicating the results of cyber security incident analysis

Critical

High

Normal

Low

Incident management

Incident management and response

Communicating the results of cyber security incident analysis

This task helps you comply with the following requirements

16.1.6: Learning from information security incidents ISO 27001

PR.IP-8: Protection effectiveness NIST

DE.DP-4: Event detection NIST

5.27: Learning from information security incidents ISO 27001

CC2.2: Internal communication of information SOC 2

Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.