Designing Data Classification and Secure Store Policy According to SOC 2 Type II

Deineka, O. and Harasymchuk, O. and Partyka, A. and Obshta, A. and Korshun, Natalia (2024) Designing Data Classification and Secure Store Policy According to SOC 2 Type II Cybersecurity Providing in Information and Telecommunication Systems 2024, 3654. pp. 398-409. ISSN 1613-0073

[thumbnail of O_Deineka_O_Harasymchuk_A_Partyka_A_Obshta_N_Korshun_CPITS_3654_2024.pdf] Text

Download (573kB)


This paper discusses the design of a data classification policy for SOC 2 Type II compliance. SOC 2 Type II is a significant certification that attests to a service organization’s ability to meet the Trust Services Criteria, which encompass security, availability, processing integrity, confidentiality, and privacy. Data classification is a critical first step in establishing a robust data security strategy, as it helps organizations understand what data they have and assigns a level of sensitivity to that data, which informs the security controls that should be applied. The main objectives of data classification are to organize and manage data in a way that enhances its protection and aligns with the overall data security strategy of an organization. Data security plays a pivotal role in the data classification process, as it directly influences how classified data is protected and managed. Designing a data classification policy for SOC 2 Type II compliance involves several challenges and considerations that organizations must navigate to effectively protect sensitive information and maintain the integrity of their service delivery. These challenges and considerations include understanding the scope of data, aligning with the Trust Services Criteria, balancing security with usability, training, and awareness, regular updates, and reviews, defining classification levels, ensuring consistency, automating classification, integration with other policies and controls, dealing with third-party vendors, monitoring and enforcement, and legal and regulatory compliance.

Item Type: Article
Uncontrolled Keywords: SOC 2 Type II; data classification; data security; access management; storage
Subjects: Статті у базах даних > Scopus
Divisions: Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки ім. професора Володимира Бурячка
Depositing User: Павло Миколайович Складанний
Date Deposited: 09 Apr 2024 07:14
Last Modified: 09 Apr 2024 07:14

Actions (login required)

View Item View Item