ISMS Copilot
Bibliothèque de prompts SOC 2

Prompts d'analyse des critères des services de confiance

Comprendre les critères des services de confiance (TSC)

Utilisez ces prompts pour analyser quels critères des services de confiance s'appliquent à votre service et comprendre les exigences spécifiques en matière de sécurité, de disponibilité, d'intégrité du traitement, de confidentialité et de protection de la vie privée.

Définir le périmètre de votre mission SOC 2

Déterminer les critères applicables

I'm preparing for a SOC 2 audit for [describe your service/system]. Help me determine which Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) are applicable based on:
- Service type: [e.g., cloud-based HR platform]
- Data handled: [e.g., employee PII, payroll data]
- Customer expectations: [e.g., 99.9% uptime guarantee]
- Regulatory requirements: [e.g., GDPR, HIPAA]

Provide a recommendation with justification for each criterion.

Définition des limites du périmètre

Help me define the scope boundaries for my SOC 2 Type [I/II] audit of [service name]. Include:
- In-scope systems and applications: [list key systems]
- Out-of-scope components: [list exclusions]
- Third-party services: [list vendors]
- Physical locations: [list data centers/offices]
- Time period: [for Type II]

Generate a scope statement suitable for inclusion in my system description.

Téléchargez votre schéma d'architecture système ou votre carte réseau existante pour aider l'ISMS Copilot à fournir des recommandations de cadrage plus précises.

Critères communs (Sécurité - Requis)

Aperçu des critères de sécurité

Explain the Security Common Criteria (CC1.0 through CC9.0) requirements for SOC 2. For each criterion, provide:
- The control objective
- Key requirements and points of focus
- Typical controls organizations implement
- Common audit evidence

Approfondissement d'un critère spécifique

Provide detailed guidance on SOC 2 criterion [CC6.1] including:
- Full requirement text and points of focus
- How this applies to [describe your environment]
- Example controls that satisfy this criterion
- Evidence auditors typically request
- Common gaps organizations face

Critères de disponibilité

Évaluation de l'applicabilité de la disponibilité

I offer [service description] with [uptime SLA/commitment]. Should I include the Availability criteria in my SOC 2 scope? Consider:
- Our uptime commitment: [percentage or description]
- System architecture: [e.g., multi-region cloud, single data center]
- Customer contracts: [uptime guarantees]
- Incident history: [recent availability issues]

Provide a recommendation and list the specific Availability criteria I'd need to address.

Cartographie des contrôles de disponibilité

List all SOC 2 Availability criteria (A1.1, A1.2, A1.3) and for each one, suggest specific controls for [your service type]. Include:
- Monitoring and alerting controls
- Capacity planning processes
- Incident response procedures
- Backup and recovery mechanisms

Critères d'intégrité du traitement

Applicabilité de l'intégrité du traitement

Help me determine if Processing Integrity criteria apply to my SOC 2 scope. My service:
- Type: [e.g., payment processing, data transformation, reporting]
- Processing activities: [describe key data processing]
- Accuracy requirements: [customer expectations or regulatory requirements]
- Quality controls: [existing validation processes]

Should I include Processing Integrity? What specific criteria would apply?

Identification des contrôles de traitement

For SOC 2 Processing Integrity criterion [PI1.1], help me identify controls for [your processing activity]. Address:
- Input validation and data quality checks
- Processing logic verification
- Output accuracy monitoring
- Error detection and correction
- Reconciliation processes

Critères de confidentialité

Définition du périmètre de confidentialité

I handle [types of confidential information] in my service. Analyze whether Confidentiality criteria should be in scope considering:
- Data types: [customer proprietary data, trade secrets, etc.]
- Contractual obligations: [NDAs, customer agreements]
- Access controls: [who can access what]
- Encryption practices: [at rest and in transit]

Provide a recommendation and list applicable Confidentiality criteria.

Conception des contrôles de confidentialité

Design controls to meet SOC 2 Confidentiality criteria for [your service]. Cover:
- Data classification scheme
- Access control policies
- Encryption requirements (at rest, in transit, in use)
- Secure disposal procedures
- Third-party confidentiality agreements

Critères relatifs à la vie privée

Évaluation de l'applicabilité de la protection de la vie privée

Determine if Privacy criteria apply to my SOC 2 scope. We process:
- Personal information types: [list PII collected]
- Data subjects: [customers, employees, end users]
- Privacy regulations: [GDPR, CCPA, etc.]
- Privacy commitments: [privacy policy, consent mechanisms]
- Geographic scope: [regions where data subjects are located]

Should Privacy be included? Which specific Privacy criteria are most relevant?

Cartographie des principes GAPP

Map the Generally Accepted Privacy Principles (GAPP) to our privacy practices for [your service]:
- Notice: [how we inform data subjects]
- Choice and consent: [opt-in/opt-out mechanisms]
- Collection: [what we collect and why]
- Use and retention: [how we use data and retention periods]
- Access: [data subject access rights]
- Disclosure to third parties: [who we share with]
- Security: [privacy-specific security controls]
- Quality: [data accuracy measures]
- Monitoring and enforcement: [compliance oversight]

Generate a Privacy criteria mapping table.

Si vous opérez dans plusieurs juridictions, assurez-vous que votre analyse des critères de confidentialité prend en compte les exigences spécifiques à chaque région, telles que le RGPD, le CCPA ou d'autres lois sur la protection de la vie privée.

Analyse croisée des critères

Identification des chevauchements de critères

I'm including [list selected criteria] in my SOC 2 scope. Identify where these criteria overlap and how I can design controls that satisfy multiple criteria simultaneously. Provide:
- Common control objectives across criteria
- Shared evidence opportunities
- Integrated control recommendations
- Efficiency tips for audit preparation

Analyse d'écart par critère

Conduct a gap analysis for [specific Trust Services Criterion] against our current state:

Current controls in place:
[Describe your existing controls]

Current documentation:
[List policies, procedures you have]

Known weaknesses:
[List any known gaps]

Provide a detailed gap assessment with prioritized remediation recommendations.

Utilisez ces prompts d'analyse de critères dès le début de votre parcours SOC 2 pour établir le bon périmètre et éviter des modifications de périmètre coûteuses en plein audit.

Cela vous a-t-il été utile ?