Prompts de análisis de los Criterios de Servicios de Confianza
Comprensión de los Criterios de Servicios de Confianza
Utilice estos prompts para analizar qué Criterios de Servicios de Confianza se aplican a su servicio y comprender los requisitos específicos de Seguridad, Disponibilidad, Integridad del Procesamiento, Confidencialidad y Privacidad.
Definición del alcance de su compromiso SOC 2
Determinar los criterios aplicables
I'm preparing for a SOC 2 audit for [describe your service/system]. Help me determine which Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) are applicable based on:
- Service type: [e.g., cloud-based HR platform]
- Data handled: [e.g., employee PII, payroll data]
- Customer expectations: [e.g., 99.9% uptime guarantee]
- Regulatory requirements: [e.g., GDPR, HIPAA]
Provide a recommendation with justification for each criterion.Definición de los límites del alcance
Help me define the scope boundaries for my SOC 2 Type [I/II] audit of [service name]. Include:
- In-scope systems and applications: [list key systems]
- Out-of-scope components: [list exclusions]
- Third-party services: [list vendors]
- Physical locations: [list data centers/offices]
- Time period: [for Type II]
Generate a scope statement suitable for inclusion in my system description.Cargue su diagrama de arquitectura de sistema existente o mapa de red para ayudar a ISMS Copilot a proporcionar recomendaciones de alcance más precisas.
Criterios Comunes (Seguridad - Obligatorio)
Resumen de los criterios de seguridad
Explain the Security Common Criteria (CC1.0 through CC9.0) requirements for SOC 2. For each criterion, provide:
- The control objective
- Key requirements and points of focus
- Typical controls organizations implement
- Common audit evidenceAnálisis profundo de criterios específicos
Provide detailed guidance on SOC 2 criterion [CC6.1] including:
- Full requirement text and points of focus
- How this applies to [describe your environment]
- Example controls that satisfy this criterion
- Evidence auditors typically request
- Common gaps organizations faceCriterios de Disponibilidad
Evaluación de aplicabilidad de Disponibilidad
I offer [service description] with [uptime SLA/commitment]. Should I include the Availability criteria in my SOC 2 scope? Consider:
- Our uptime commitment: [percentage or description]
- System architecture: [e.g., multi-region cloud, single data center]
- Customer contracts: [uptime guarantees]
- Incident history: [recent availability issues]
Provide a recommendation and list the specific Availability criteria I'd need to address.Mapeo de controles de Disponibilidad
List all SOC 2 Availability criteria (A1.1, A1.2, A1.3) and for each one, suggest specific controls for [your service type]. Include:
- Monitoring and alerting controls
- Capacity planning processes
- Incident response procedures
- Backup and recovery mechanismsCriterios de Integridad del Procesamiento
Aplicabilidad de Integridad del Procesamiento
Help me determine if Processing Integrity criteria apply to my SOC 2 scope. My service:
- Type: [e.g., payment processing, data transformation, reporting]
- Processing activities: [describe key data processing]
- Accuracy requirements: [customer expectations or regulatory requirements]
- Quality controls: [existing validation processes]
Should I include Processing Integrity? What specific criteria would apply?Identificación de controles de procesamiento
For SOC 2 Processing Integrity criterion [PI1.1], help me identify controls for [your processing activity]. Address:
- Input validation and data quality checks
- Processing logic verification
- Output accuracy monitoring
- Error detection and correction
- Reconciliation processesCriterios de Confidencialidad
Alcance de Confidencialidad
I handle [types of confidential information] in my service. Analyze whether Confidentiality criteria should be in scope considering:
- Data types: [customer proprietary data, trade secrets, etc.]
- Contractual obligations: [NDAs, customer agreements]
- Access controls: [who can access what]
- Encryption practices: [at rest and in transit]
Provide a recommendation and list applicable Confidentiality criteria.Diseño de controles de Confidencialidad
Design controls to meet SOC 2 Confidentiality criteria for [your service]. Cover:
- Data classification scheme
- Access control policies
- Encryption requirements (at rest, in transit, in use)
- Secure disposal procedures
- Third-party confidentiality agreementsCriterios de Privacidad
Evaluación de aplicabilidad de Privacidad
Determine if Privacy criteria apply to my SOC 2 scope. We process:
- Personal information types: [list PII collected]
- Data subjects: [customers, employees, end users]
- Privacy regulations: [GDPR, CCPA, etc.]
- Privacy commitments: [privacy policy, consent mechanisms]
- Geographic scope: [regions where data subjects are located]
Should Privacy be included? Which specific Privacy criteria are most relevant?Mapeo de principios GAPP
Map the Generally Accepted Privacy Principles (GAPP) to our privacy practices for [your service]:
- Notice: [how we inform data subjects]
- Choice and consent: [opt-in/opt-out mechanisms]
- Collection: [what we collect and why]
- Use and retention: [how we use data and retention periods]
- Access: [data subject access rights]
- Disclosure to third parties: [who we share with]
- Security: [privacy-specific security controls]
- Quality: [data accuracy measures]
- Monitoring and enforcement: [compliance oversight]
Generate a Privacy criteria mapping table.Si opera en múltiples jurisdicciones, asegúrese de que su análisis de los criterios de Privacidad tenga en cuenta los requisitos específicos de la región, como GDPR, CCPA u otras leyes de privacidad.
Análisis de criterios cruzados
Identificación de solapamiento de criterios
I'm including [list selected criteria] in my SOC 2 scope. Identify where these criteria overlap and how I can design controls that satisfy multiple criteria simultaneously. Provide:
- Common control objectives across criteria
- Shared evidence opportunities
- Integrated control recommendations
- Efficiency tips for audit preparationAnálisis de brechas por criterio
Conduct a gap analysis for [specific Trust Services Criterion] against our current state:
Current controls in place:
[Describe your existing controls]
Current documentation:
[List policies, procedures you have]
Known weaknesses:
[List any known gaps]
Provide a detailed gap assessment with prioritized remediation recommendations.Utilice estos prompts de análisis de criterios al inicio de su trayectoria hacia SOC 2 para establecer el alcance correcto y evitar cambios costosos a mitad de la auditoría.
¿Te fue útil?