Vulnerability scanning and management for SOC 2


SOC 2 Overview

System and Organization Controls (SOC) is a suite of reports for auditing a service organization's controls. SOC is maintained by the American Institute of Certified Public Accountants (AICPA). SOC 2 is the report that evaluates an organization's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy).

Does SOC 2 require vulnerability scanning?

Criterion CC7.1 of the Trust Services Criteria (part of the CC7 System Operations series) covers detection and monitoring for vulnerabilities.

Here is the full text of criterion CC7.1:

To meet its objectives, the entity uses detection and monitoring procedures to identify (1) changes to configurations that result in the introduction of new vulnerabilities, and (2) susceptibilities to newly discovered vulnerabilities.

The following points of focus, specifically related to all engagements using the trust services criteria, highlight important characteristics relating to this criterion:

  • Uses Defined Configuration Standards — Management has defined configuration standards.
  • Monitors Infrastructure and Software — The entity monitors infrastructure and software for noncompliance with the standards, which could threaten the achievement of the entity's objectives.
  • Implements Change-Detection Mechanisms — The IT system includes a change-detection mechanism (for example, file integrity monitoring tools) to alert personnel to unauthorized modifications of critical system files, configuration files, or content files.
  • Detects Unknown or Unauthorized Components — Procedures are in place to detect the introduction of unknown or unauthorized components.
  • Conducts Vulnerability Scans — The entity conducts vulnerability scans designed to identify potential vulnerabilities or misconfigurations on a periodic basis and after any significant change in the environment and takes action to remediate identified deficiencies on a timely basis.

Highlighted HostedScan Features

Help protect your business and meet SOC 2 objectives with vulnerability scanning and management from HostedScan.

Comprehensive set of vulnerability scanners for networks, servers, websites, and APIs

Automated recurring scanning on a monthly, weekly, or daily schedule

Email alerts for any new findings

Reports and dashboard for vulnerability management and tracking remediation

Trusted by these companies and 1000s more

BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford

Sign up to get started

HostedScan is 100% read-only, and will never make any modifications to your servers.